| Title | Harness harness v3.3.0 SSRF |
|---|
| Description | An attacker can provide an internal IP address or hostname in the `url` parameter. The `git ls-remote` command will attempt to connect to this internal resource, allowing the attacker to scan internal networks, access internal services, or bypass firewall rules. |
|---|
| Source | ⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb019.md |
|---|
| User | Yu Bao (UID 88956) |
|---|
| Submission | 09/03/2025 09:24 (9 months ago) |
|---|
| Moderation | 09/20/2025 09:05 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 325115 [Harness 3.3.0 lookup_repo.go LookupRepo url server-side request forgery] |
|---|
| Points | 17 |
|---|