제출 #855795: mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)정보

제목mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)
설명# Technical Details An SSRF vulnerability exists in the default `web_fetch` execution path in `tools/tool_web_fetch.go`, with configuration seeded by `config.Default()` and policy evaluation in `tools/web_fetch_policy.go`, of clawlet. The application fails to deny loopback and RFC1918/private-network HTTP targets at runtime. The default configuration sets `AllowedDomains` to `["*"]`, and the fetch path checks only hostname policy before sending the request, so localhost and internal services remain reachable. # Vulnerable Code File: `config/config.go`, `tools/tool_web_fetch.go`, `tools/web_fetch_policy.go` Method: `config.Default`, `(*Registry).webFetch`, `allowHostByPolicy` Why: `config.Default()` creates a wildcard-allow web policy, and `(*Registry).webFetch` relies on `allowHostByPolicy` without any built-in loopback/private-IP deny check before `http.Client.Do`. The redirect callback repeats the same incomplete validation. # Reproduction 1. Start a loopback canary HTTP server on the host running clawlet. 2. Invoke the real `tools.Registry.Execute("web_fetch", ...)` path under `config.Default()` with a URL pointing to `127.0.0.1`, `localhost`, or another internal HTTP endpoint. 3. Confirm the returned tool output contains the canary response body and the canary server records the inbound hit; then apply a restrictive domain policy to verify the control request is blocked. # Impact - Loopback-only and private-network HTTP services can be reached through the clawlet host. - Sensitive internal responses can be disclosed directly to the model or caller. - The host can be abused as a pivot for further internal HTTP interaction.
원천⚠️ https://github.com/mosaxiv/clawlet/issues/14
사용자
 Eric-b (UID 96354)
제출2026. 06. 11. AM 09:05 (1 월 ago)
모더레이션2026. 07. 13. PM 06:57 (1 month later)
상태수락
VulDB 항목378123 [mosaxiv clawlet 까지 0.2.10 tools/tool_web_fetch.go tools.webFetch 권한 상승]
포인트들20

Might our Artificial Intelligence support you?

Check our Alexa App!