जमा करें #768043: Bytedesk <=1.3.9 SSRFजानकारी

शीर्षकBytedesk <=1.3.9 SSRF
विवरणThe endpoint GET /openrouter/api/v1/models accepts a user-supplied apiUrl parameter and passes it directly to a RestTemplate.exchange() call without validation or allowlist enforcement. An attacker supplies an attacker-controlled URL, causing the server to issue an outbound HTTP request to an arbitrary host. DNS callback logs confirm the SSRF, enabling internal network scanning, cloud metadata access, or credential theft.
स्रोत⚠️ https://github.com/Bytedesk/bytedesk/issues/20
उपयोगकर्ता
 ZAST.AI (UID 87884)
सबमिशन26/02/2026 07:19 AM (5 महीनों पहले)
संयम08/03/2026 08:20 AM (10 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि349755 [Bytedesk तक 1.3.9 SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels apiUrl अधिकार वृद्धि]
अंक19

Want to stay up to date on a daily basis?

Enable the mail alert feature now!