| Название | huimeicloud hmEditor 2.2.3 Server-Side Request Forgery |
|---|
| Описание | A server-side request forgery (SSRF) vulnerability has been identified in hmEditor, a product developed by huimeicloud. The application fails to properly validate user-supplied URLs in multiple request handlers, allowing an attacker to make arbitrary HTTP requests from the server. Specifically, the /image-to-base64 endpoint in src/mcp-server.js accepts a url parameter via HTTP POST requests and passes it directly to the client.get() method without sufficient validation or sanitization. Similarly, the src/print.js component passes user-controlled URLs to Puppeteer's page.goto() method. An attacker can exploit this flaw to probe internal network resources, access sensitive metadata endpoints (e.g., cloud instance metadata services), or interact with other internal systems that are not intended to be exposed. The vulnerability exists because the application trusts user-provided input as the destination for outbound HTTP requests and browser navigation operations without implementing an effective allowlist or blocking dangerous destinations such as loopback addresses or private network ranges.
|
|---|
| Источник | ⚠️ https://github.com/wing3e/public_exp/issues/11 |
|---|
| Пользователь | BigW (UID 96422) |
|---|
| Представление | 16.03.2026 19:53 (17 дни назад) |
|---|
| Модерация | 01.04.2026 18:04 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 354701 [huimeicloud hm_editor до 2.2.3 image-to-base64 Endpoint src/mcp-server.js client.get url эскалация привилегий] |
|---|
| Баллы | 20 |
|---|