SSRF 引起未授权远程代码执行

High

kalcaddle published GHSA-6f8p-4w5q-j5j2

Dec 6, 2022

Package

No package listed

Affected versions

<= 4.49

Patched versions

None

Description

SSRF检测不严格任意文件读取

Severity

High

7.7

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

High

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

High

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H