| Título | decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error |
|---|
| Descripción | An authentication bypass vulnerability exists in 9Router in versions >= 0.2.72 and < 0.4.1 due to improper origin validation using the HTTP Host header. The application incorrectly treats requests with a spoofed Host value as trusted local requests, allowing remote attackers to bypass authentication checks. This issue enables unauthorized access to sensitive API endpoints, potentially exposing API keys and allowing modification of system configuration. |
|---|
| Fuente | ⚠️ https://github.com/decolua/9router/issues/742 |
|---|
| Usuario | brad (UID 97565) |
|---|
| Sumisión | 2026-05-11 03:49 (hace 26 días) |
|---|
| Moderación | 2026-05-31 16:11 (21 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 367548 [decolua 9router hasta 0.4.0 HTTP Header src/dashboardGuard.js isAuthenticated Host escalada de privilegios] |
|---|
| Puntos | 20 |
|---|