2 matches found
is-localhost-ip 代码问题漏洞
is-localhost-ip is a tool by the individual developer Konstantin Vyatkin to check if a given host/DNS name or IPv4/IPv6 address belongs to the local computer. A code issue vulnerability exists in is-localhost-ip version 2.0.0, which stems from a restriction bypass that could lead to a server-side...
Server-side Request Forgery (SSRF)
Overview timetagger is a Tag your time, get the insight - an open source time tracker for individuals Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to binding to 0.0.0.0:80 by default and not checking for localhost requests in the getwebtokenlocalhost...