Submeter #641128: langfuse https://github.com/langfuse/langfuse <=3.88.0 SSRFinformação

Títulolangfuse https://github.com/langfuse/langfuse <=3.88.0 SSRF
DescriçãoA SSRF vulnerability was discovered on the endpoint /api/trpc/prompts.create (tested on v3.88.0). The target URI parameter for network requests is user-controllable and lacks sufficient security processing, resulting in an SSRF vulnerability that allows attackers to exploit this flaw to probe and exploit internal services of the target system.
Fonte⚠️ https://github.com/langfuse/langfuse/issues/8522
Utilizador
 ZAST.AI (UID 87884)
Submissão25/08/2025 12h47 (há 10 meses)
Moderação01/09/2025 14h24 (7 days later)
EstadoAceite
Entrada VulDB322114 [Langfuse até 3.88.0 Webhook promptRouter.ts promptChangeEventSourcing Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!