提交 #852946: Sipeed PicoClaw <= 0.2.9 Server-Side Request Forgery (CWE-918)信息

标题Sipeed PicoClaw <= 0.2.9 Server-Side Request Forgery (CWE-918)
描述# Technical Details A Server-Side Request Forgery guard bypass exists in the `web_fetch` IP classifier in `pkg/tools/integration/web.go` of PicoClaw. The application fails to recognize RFC 5214 ISATAP IPv6 literals that embed loopback or private IPv4 addresses behind `:5efe:`. The classifier handles direct IPv4, 6to4, and Teredo, but does not decode ISATAP before returning `false`. # Vulnerable Code File: `pkg/tools/integration/web.go` Method: `WebFetchTool.Execute` Why: Performs preflight private-host checks that rely on an incomplete IP classifier. File: `pkg/tools/integration/web.go` Method: `isPrivateOrRestrictedIP` Why: Handles direct IPv4, 6to4, and Teredo, but omits ISATAP embedded IPv4 decoding. File: `pkg/tools/integration/web.go` Method: `newSafeDialContext` Why: Uses the same incomplete classifier at connect time, allowing misclassified ISATAP payloads to proceed. # Reproduction 1. Invoke the exported `web_fetch` tool with `http://[2001:db8:1234::5efe:127.0.0.1]:80/canary`. 2. Observe the crafted ISATAP payload is not rejected as private/local and returns a fetch result. 3. Invoke a protected control payload such as a 6to4-embedded loopback address. 4. Observe the control is blocked with `fetching private or local network hosts is not allowed`. # Impact - Bypasses built-in SSRF protections for crafted IPv6 literals. - Allows requests toward loopback or private-network HTTP services that should be forbidden. - May expose local admin interfaces, sidecars, internal metadata, or HTTP-reachable internal services.
来源⚠️ https://github.com/sipeed/picoclaw/issues/3074
用户
 Eric-i (UID 97584)
提交2026-06-09 13時29分 (1 月前)
管理2026-07-17 15時50分 (1 month later)
状态已接受
VulDB条目379796 [Sipeed PicoClaw 直到 0.2.9 web.go web_fetch 权限提升]
积分20

Do you know our Splunk app?

Download it now for free!