Submit #825188: decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error

Title: decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error
Description: An authentication bypass vulnerability exists in 9Router in versions >= 0.2.72 and < 0.4.1 due to improper origin validation using the HTTP Host header. The application incorrectly treats requests with a spoofed Host value as trusted local requests, allowing remote attackers to bypass authentication checks. This issue enables unauthorized access to sensitive API endpoints, potentially exposing API keys and allowing modification of system configuration.
Source: https://github.com/decolua/9router/issues/742
User: brad (UID 97565)
Submission: 11/05/2026 03h49 (26 days ago)
Moderation: 31/05/2026 16h11 (21 days later)
Status: Accepted
VulDB entry: 367548 [decolua 9router up to 0.4.0 HTTP Header src/dashboardGuard.js isAuthenticated Host privilege escalation]
Points: 20
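
The description above comes down to trusting a client-supplied header as proof of locality. The following added example (not 9Router's code; every function name and the sample requests are hypothetical and constructed) puts a Host-header locality check beside one based on the TCP peer address, so the difference can be tested:

```javascript
// Added illustration, not taken from the 9Router code base.
// Weak pattern: the Host header is written by the client, so a remote
// caller decides what this function returns.
function isLocalByHostHeader(req) {
  const host = String(req.headers.host || "").toLowerCase();
  const name = host.startsWith("[")
    ? host.slice(0, host.indexOf("]") + 1) // bracketed IPv6 literal
    : host.split(":")[0];                  // strip the port
  return ["localhost", "127.0.0.1", "[::1]"].includes(name);
}

// Loopback test on a peer address string as Node reports it.
// Anything that does not parse is treated as non-local (fail closed).
function isLoopbackAddress(addr) {
  if (typeof addr !== "string") return false;
  const a = addr.toLowerCase();
  // Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d
  const ip = a.startsWith("::ffff:") ? a.slice(7) : a;
  if (ip === "::1") return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  return m !== null && m.slice(1).every((o) => Number(o) <= 255) && m[1] === "127";
}

// Hardened pattern: decide from the socket peer, which cannot be changed
// by editing request headers. Caveat: behind a reverse proxy on the same
// machine every request has a loopback peer, so in that deployment
// locality must not grant trust at all; require credentials instead.
function isLocalBySocket(req) {
  return isLoopbackAddress(req.socket && req.socket.remoteAddress);
}

// Constructed requests (documentation address range, arbitrary port).
const spoofed = {
  headers: { host: "localhost:3000" },
  socket: { remoteAddress: "203.0.113.7" },
};
const local = {
  headers: { host: "localhost:3000" },
  socket: { remoteAddress: "::ffff:127.0.0.1" },
};

function classify(req) {
  return { byHost: isLocalByHostHeader(req), bySocket: isLocalBySocket(req) };
}

console.log("spoofed:", classify(spoofed)); // the two checks disagree
console.log("local:  ", classify(local));
```

A request where the two checks disagree (loopback Host value, non-loopback peer) is also a useful signal to log when reviewing access to a service in the affected version range.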
