| 标题 | decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error |
|---|
| 描述 | An authentication bypass vulnerability exists in 9Router in versions >= 0.2.72 and < 0.4.1 due to improper origin validation using the HTTP Host header. The application incorrectly treats requests with a spoofed Host value as trusted local requests, allowing remote attackers to bypass authentication checks. This issue enables unauthorized access to sensitive API endpoints, potentially exposing API keys and allowing modification of system configuration. |
|---|
| 来源 | ⚠️ https://github.com/decolua/9router/issues/742 |
|---|
| 用户 | brad (UID 97565) |
|---|
| 提交 | 2026-05-11 03時49分 (25 日前) |
|---|
| 管理 | 2026-05-31 16時11分 (21 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 367548 [decolua 9router 直到 0.4.0 HTTP Header src/dashboardGuard.js isAuthenticated Host 权限提升] |
|---|
| 积分 | 20 |
|---|