| タイトル | router-for-me CLIProxyAPI 6.9.29 Server-Side Request Forgery |
|---|
| 説明 | CLIProxyAPI is a proxy server that provides OpenAI/Gemini/Claude/Codex compatible API interfaces for CLI.In the internal/api/handlers/management/api_tools.go file, the application does not fully verify and filter the URL parameters provided by the user, and directly uses them to initiate server requests.The vulnerability allows an attacker to convince a server to make an unauthorized HTTP request to an internal or external system. Attackers can use this vulnerability to access services and sensitive data on the internal network where the server is located, scan internal network ports and services, bypass firewalls to access restricted resources, and initiate requests to third-party systems (which may cause business impact). |
|---|
| ソース | ⚠️ https://github.com/m3ngx1ng/cve/blob/main/CLIProxyAPI-SSRF.md |
|---|
| ユーザー | m3x1 (UID 92411) |
|---|
| 送信 | 2026年04月19日 11:59 (2 月 ago) |
|---|
| モデレーション | 2026年05月07日 14:12 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 361836 [router-for-me CLIProxyAPI 6.9.29 API Interface api_tools.go url 特権昇格] |
|---|
| ポイント | 20 |
|---|