Gửi #825188: decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Errorthông tin

tiêu đềdecolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error
Mô tảAn authentication bypass vulnerability exists in 9Router in versions >= 0.2.72 and < 0.4.1 due to improper origin validation using the HTTP Host header. The application incorrectly treats requests with a spoofed Host value as trusted local requests, allowing remote attackers to bypass authentication checks. This issue enables unauthorized access to sensitive API endpoints, potentially exposing API keys and allowing modification of system configuration.
Nguồn⚠️ https://github.com/decolua/9router/issues/742
Người dùng
 brad (UID 97565)
Đệ trình11/05/2026 03:49 (cách đây 26 ngày)
Kiểm duyệt31/05/2026 16:11 (21 days later)
Trạng tháiđược chấp nhận
Mục VulDB367548 [decolua 9router đến 0.4.0 HTTP Header src/dashboardGuard.js isAuthenticated Host nâng cao đặc quyền]
điểm20

TrướcTổng QuanTiếp theo

Do you want to use VulDB in your project?

Use the official API to access entries easily!