जमा करें #855795: mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)जानकारी

शीर्षकmosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)
विवरण# Technical Details An SSRF vulnerability exists in the default `web_fetch` execution path in `tools/tool_web_fetch.go`, with configuration seeded by `config.Default()` and policy evaluation in `tools/web_fetch_policy.go`, of clawlet. The application fails to deny loopback and RFC1918/private-network HTTP targets at runtime. The default configuration sets `AllowedDomains` to `["*"]`, and the fetch path checks only hostname policy before sending the request, so localhost and internal services remain reachable. # Vulnerable Code File: `config/config.go`, `tools/tool_web_fetch.go`, `tools/web_fetch_policy.go` Method: `config.Default`, `(*Registry).webFetch`, `allowHostByPolicy` Why: `config.Default()` creates a wildcard-allow web policy, and `(*Registry).webFetch` relies on `allowHostByPolicy` without any built-in loopback/private-IP deny check before `http.Client.Do`. The redirect callback repeats the same incomplete validation. # Reproduction 1. Start a loopback canary HTTP server on the host running clawlet. 2. Invoke the real `tools.Registry.Execute("web_fetch", ...)` path under `config.Default()` with a URL pointing to `127.0.0.1`, `localhost`, or another internal HTTP endpoint. 3. Confirm the returned tool output contains the canary response body and the canary server records the inbound hit; then apply a restrictive domain policy to verify the control request is blocked. # Impact - Loopback-only and private-network HTTP services can be reached through the clawlet host. - Sensitive internal responses can be disclosed directly to the model or caller. - The host can be abused as a pivot for further internal HTTP interaction.
स्रोत⚠️ https://github.com/mosaxiv/clawlet/issues/14
उपयोगकर्ता
 Eric-b (UID 96354)
सबमिशन11/06/2026 09:05 AM (1 महीना पहले)
संयम13/07/2026 06:57 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि378123 [mosaxiv clawlet तक 0.2.10 tools/tool_web_fetch.go tools.webFetch अधिकार वृद्धि]
अंक20

Do you need the next level of professionalism?

Upgrade your account now!