
9 matches found

CNNVD, added 2026/05/08 12:0 a.m., 3 views

Gitroom Postiz Code Issue Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.16.6 to 2.21.7 contained code vulnerabilities. These vulnerabilities were caused by a TOCTOU vulnerability in the SSRF protection mechanism, which could allow attackers to redirec...

CVSS 6.5, AI score 5.9, EPSS 0.00037
Exploits 0, References 1

CNNVD, added 2026/05/08 12:0 a.m., 5 views

Gitroom Postiz Code Injection Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Previous versions of Gitroom Postiz had a code injection vulnerability. This vulnerability stemmed from a Pwn Request vulnerability present in the workflow for building and publishing PR Docker images, which could...

CVSS 10, AI score 6.2, EPSS 0.00197
Exploits 0, References 1

CNNVD, added 2026/05/08 12:0 a.m., 5 views

Gitroom Postiz Cross-Site Scripting Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.21.6 to 2.21.7 contained a cross-site scripting vulnerability. This vulnerability allowed any authenticated user to store arbitrary HTML in post content by manipulating saved...

CVSS 9, AI score 5.8, EPSS 0.00043
Exploits 0, References 2

CNNVD, added 2026/04/18 12:0 a.m., 2 views

Gitroom Postiz Security Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz prior to 2.21.6 contained security vulnerabilities. These vulnerabilities were caused by a bypass in file upload validation, which could lead to stored cross-site scripting attacks...

CVSS 9, AI score 5.7, EPSS 0.00023
Exploits 1, References 2

CNNVD, added 2026/04/10 12:0 a.m., 2 views

Gitroom Postiz Code Issue Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz prior to 2.21.5 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery vulnerability present in the /api/public/stream endpoint. The application...

CVSS 8.2, AI score 5.9, EPSS 0.00083
Exploits 1, References 3

CNNVD, added 2026/04/02 12:0 a.m., 2 views

Gitroom Postiz Code Issue Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz prior to 2.21.3 contained code vulnerabilities. These vulnerabilities stemmed from the lack of server-side request forgery protection in the POST /public/v1/upload-from-url endpoint, whi...

CVSS 8.3, AI score 5.9, EPSS 0.0004
Exploits 1, References 2

CNNVD, added 2026/04/02 12:0 a.m., 3 views

Gitroom Postiz Code Issue Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz prior to 2.21.3 contained code vulnerabilities. These vulnerabilities stemmed from the lack of authentication and server-side request forgery protection at the GET /public/stream endpoint,...

CVSS 8.6, AI score 5.9, EPSS 0.00157
Exploits 1, References 2

CNNVD, added 2026/04/02 12:0 a.m., 1 views

Gitroom Postiz Code Issue Vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz prior to 2.21.4 contained code vulnerabilities. These vulnerabilities stemmed from the lack of a validator that prevents internal/private network addresses from being used for the POST...

CVSS 5.4, AI score 5.9, EPSS 0.00039
Exploits 1, References 3

CNNVD, added 2025/07/11 12:0 a.m., 1 views

Gitroom Postiz Code Issue Vulnerability

Gitroom Postiz is an open-source social media scheduling tool from Gitroom. A code issue vulnerability exists in Gitroom Postiz versions 1.45.1 through 1.62.3, which stems from HTTP header injection and could lead to server-side request forgery...

CVSS 8.2, AI score 7.2, EPSS 0.00257
Exploits 0, References 3