| tiêu đề | jeecgboot JeecgBoot <= v3.9.1 SSRF |
|---|
| Mô tả | A Server-Side Request Forgery (SSRF) vulnerability exists in the /airag/app/debug endpoint of JeecgBoot. An authenticated attacker can provide arbitrary internal or external URLs via the files parameter in the request body. The server processes these URLs through AiragChatServiceImpl and uses FileDownloadUtils.download2DiskFromNet() to fetch the files. Because the application fails to validate the host or IP address of the provided URLs, it can be forced to make outbound HTTP requests to internal services, local ports, or cloud instance metadata endpoints (e.g., x.x.x.x). The vulnerability can be exploited even if an extension whitelist is present by appending a permitted extension (like .pdf) to the URL path.
|
|---|
| Nguồn | ⚠️ https://github.com/jeecgboot/JeecgBoot/issues/9611 |
|---|
| Người dùng | Ana10gy (UID 93358) |
|---|
| Đệ trình | 08/05/2026 16:19 (cách đây 27 ngày) |
|---|
| Kiểm duyệt | 31/05/2026 11:56 (23 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 367519 [jeecgboot The server processes these URLs đến 3.9.1 Cloud Instance Metadata Endpoint /airag/app/debug FileDownloadUtils.download2DiskFromNet nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|