| Название | decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error |
|---|
| Описание | An authentication bypass vulnerability exists in 9Router in versions >= 0.2.72 and < 0.4.1 due to improper origin validation using the HTTP Host header. The application incorrectly treats requests with a spoofed Host value as trusted local requests, allowing remote attackers to bypass authentication checks. This issue enables unauthorized access to sensitive API endpoints, potentially exposing API keys and allowing modification of system configuration. |
|---|
| Источник | ⚠️ https://github.com/decolua/9router/issues/742 |
|---|
| Пользователь | brad (UID 97565) |
|---|
| Представление | 11.05.2026 03:49 (30 дни назад) |
|---|
| Модерация | 31.05.2026 16:11 (21 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 367548 [decolua 9router до 0.4.0 HTTP Header src/dashboardGuard.js isAuthenticated Host эскалация привилегий] |
|---|
| Баллы | 20 |
|---|