CNNVD-202509-3983 Information
CNNVD ID
CNNVD-202509-3983
Related CVE
- CNNVD Published: 2025-09-25
Description (Chinese)
cors-anywhere是Rob Wu个人开发者的一个NodeJS的反向代理。 cors-anywhere存在安全漏洞,该漏洞源于配置为开放代理时允许未经验证的外部用户诱导服务器向任意目标发出HTTP请求,可能导致服务端请求伪造攻击。
Description (English)
Cors-anywhere is a NodeJS reverse agent of Rob Wu’s personal developer. There is a security loophole in the Cors-anywhere, which stems from the fact that an open agent is configured to allow uncertified external users to induce servers to send HTTP requests to random targets, which may result in a service-side request for a false attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LitexMedia
Published
2025-09-25
Last Modified
2026-02-24
References
https://github.com/Rob–W/cors-anywhere/issues/152 https://github.com/Rob–W/cors-anywhere/issues/78 https://www.certik.com/resources/blog/cors-anywhere-dangers-of-misconfigured-third-party-software https://www.vulncheck.com/advisories/rob-w-cors-anywhere-misconfigured-cors-proxy-allows-ssrf
Share on: