| Title | glowxq glowxq-oj 1.0.0 Server-Side Request Forgery |
|---|---|
| Description | glowxq-oj contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the test case upload functionality. The ProblemCaseController class has an endpoint annotated with @SaIgnore that accepts a user-controlled URL parameter and passes it directly to HttpUtils.download() via FileUtils.downloadFile(). |
| Source | https://fx4tqqfvdw4.feishu.cn/docx/K0SjdZTPRo31LExSdlfcC3jwn1c?from=from_copylink |
| User | xcxr (UID 86629) |
| Submission | 03/03/2026 06:47 (2 months ago) |
| Moderation | 15/03/2026 09:36 (12 days later) |
| Status | Accepted |
| VulDB entry | 351112 [glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl privilege escalation] |
| Points | 19 |