Отправить #768043: Bytedesk <=1.3.9 SSRFИнформация

Название	Bytedesk <=1.3.9 SSRF
Описание	The endpoint GET /openrouter/api/v1/models accepts a user-supplied apiUrl parameter and passes it directly to a RestTemplate.exchange() call without validation or allowlist enforcement. An attacker supplies an attacker-controlled URL, causing the server to issue an outbound HTTP request to an arbitrary host. DNS callback logs confirm the SSRF, enabling internal network scanning, cloud metadata access, or credential theft.
Источник	⚠️ https://github.com/Bytedesk/bytedesk/issues/20
Пользователь	ZAST.AI (UID 87884)
Представление	26.02.2026 07:19 (1 месяц назад)
Модерация	08.03.2026 08:20 (10 days later)
Статус	принято
Запись VulDB	349755 [Bytedesk до 1.3.9 SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels apiUrl эскалация привилегий]
Баллы	19

Do you want to use VulDB in your project?

Use the official API to access entries easily!