| शीर्षक | https://github.com/jeecgboot/JeecgBoot <=3.91 SSRF |
|---|
| विवरण | JeecgBoot is an open-source enterprise low-code platform built on Spring Boot. The uploadImgByHttp endpoint in its file management module accepts an arbitrary user-supplied URL, fetches the content from that URL server-side, and saves it as a file. The endpoint performs no security validation on the target URL — no allowlist, no private IP filtering, no protocol restriction — allowing an attacker to leverage it for Server-Side Request Forgery (SSRF) attacks. |
|---|
| स्रोत | ⚠️ https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/JeecgBoot_Server-Side_Request_Forgery_SSRF.md |
|---|
| उपयोगकर्ता | JD Security SHENYI Team (UID 97436) |
|---|
| सबमिशन | 17/04/2026 09:57 AM (2 महीनों पहले) |
|---|
| संयम | 09/05/2026 09:00 AM (22 days later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 360562 [JeecgBoot तक 3.9.1 uploadImgByHttpEndpoint CommonController.java अधिकार वृद्धि] |
|---|
| अंक | 0 |
|---|