Passing of headers to an unauthorized actor may occur. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet.
Attackers can take advantage of this feature for SSRF.įlyteConsole is the web user interface for the Flyte platform. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Databasir 1.01 has Server-Side Request Forgery vulnerability. A security issue was discovered in Z-BlogPHP In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.ĭatabasir is a team-oriented relational database model document management platform.
0 kommentar(er)
