Submit #758974: itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Server-Side Request Forgery

Information

Title: itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Server-Side Request Forgery
Description: paiCoding contains a Server-Side Request Forgery (SSRF) vulnerability in the image upload functionality. The application allows authenticated users to provide external image URLs for automatic conversion and storage. However, the URL validation logic is insufficient, allowing attackers to access internal network resources, cloud metadata endpoints, and other restricted services.
Source: ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/NK7KdbIrboeB6WxwfhucW1YgnCb?from=from_copylink
User: xcxr (UID 86629)
Submission: 16.02.2026 01:55 (4 months ago)
Moderation: 26.02.2026 17:41 (11 days later)
Status: accepted
VulDB entry: 348015 [itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 Image Save Endpoint ImageRestController.java save img privilege escalation]
Points: 19
