Submit #754042: feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta Arbitrary_File_Read/SSRFinfo

Titlefeiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta Arbitrary_File_Read/SSRF
DescriptionFor the API `/api/admin/common/files/download`, **Server-Side Request Forgery (SSRF)** and arbitrary file read vulnerabilities can be exploited when the value of `oss.accessMode` is not set to **"private"**.
Source⚠️ https://github.com/yuccun/CVE/blob/main/sz-boot-parent-SSRF_and_Arbitrary_File_Read.md
User
 yuccun (UID 93614)
Submission02/07/2026 20:15 (2 months ago)
Moderation02/25/2026 09:32 (18 days later)
StatusAccepted
VulDB entry347747 [feiyuchuixue sz-boot-parent up to 1.3.2-beta download url server-side request forgery]
Points16

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!