| Title | AstrBotDevs AstrBot 4.22.1 Server-Side Request Forgery (SSRF) |
|---|
| Description | AstrBot versions up to and including 4.22.1 contain multiple Server-Side Request Forgery (SSRF) vulnerabilities. Several API endpoints accept user-controlled URLs or proxy parameters and make server-side HTTP requests without any URL validation, scheme restriction, or internal network access controls. An attacker can exploit this to access internal network services, cloud instance metadata endpoints, and other resources not intended to be publicly accessible. |
|---|
| Source | ⚠️ https://github.com/AstrBotDevs/AstrBot/issues/7171 |
|---|
| User | Yu_Bao (UID 89348) |
|---|
| Submission | 03/30/2026 05:51 (13 days ago) |
|---|
| Moderation | 04/11/2026 10:50 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 356979 [AstrBotDevs AstrBot up to 4.22.1 API Endpoint post_data.get server-side request forgery] |
|---|
| Points | 20 |
|---|