| 제목 | decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error |
|---|
| 설명 | An authentication bypass vulnerability exists in 9Router in versions >= 0.2.72 and < 0.4.1 due to improper origin validation using the HTTP Host header. The application incorrectly treats requests with a spoofed Host value as trusted local requests, allowing remote attackers to bypass authentication checks. This issue enables unauthorized access to sensitive API endpoints, potentially exposing API keys and allowing modification of system configuration. |
|---|
| 원천 | ⚠️ https://github.com/decolua/9router/issues/742 |
|---|
| 사용자 | brad (UID 97565) |
|---|
| 제출 | 2026. 05. 11. AM 03:49 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 31. PM 04:11 (21 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 367548 [decolua 9router 까지 0.4.0 HTTP Header src/dashboardGuard.js isAuthenticated Host 권한 상승] |
|---|
| 포인트들 | 20 |
|---|