| タイトル | Page Replica 1.0 Server-Side Request Forgery |
|---|
| 説明 | A Server-Side Request Forgery vulnerability (CWE-918) exists in the sitemap scraping functionality. The /sitemap endpoint accepts a user-controlled url parameter and directly passes it to sitemap.fetch() without any validation, sanitization, or allowlist restrictions. This behavior allows an attacker to supply arbitrary URLs, causing the server to initiate outbound requests to attacker-specified destinations.
Because the request originates from the server environment, an attacker may abuse this functionality to access internal network services, cloud metadata endpoints, or other resources that are otherwise inaccessible from the internet. |
|---|
| ソース | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/page_replica.md |
|---|
| ユーザー | lakshay12311 (UID 91298) |
|---|
| 送信 | 2026年03月11日 07:34 (22 日 ago) |
|---|
| モデレーション | 2026年03月26日 17:02 (15 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 353658 [Page-Replica Page Replica 迄 e4a7f52e75093ee318b4d5a9a9db6751050d2ad0 Endpoint /sitemap sitemap.fetch url 特権昇格] |
|---|
| ポイント | 20 |
|---|