CNNVD-202509-4519 Information
CNNVD ID
CNNVD-202509-4519
Related CVE
- CNNVD Published: 2025-09-30
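Description (translated from Chinese)
AgentAPI is an open-source interface project from Coder. AgentAPI 0.3.3 and earlier versions contain a security vulnerability that stems from susceptibility to client-side DNS rebinding attacks, which may lead to unauthorized disclosure of sensitive user data.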
Description (English)
AgentAPI is an open-source interface project from Coder. AgentAPI 0.3.3 and earlier versions contain a security vulnerability: they are susceptible to client-side DNS rebinding attacks, which may lead to unauthorized disclosure of sensitive user data.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Coder
Published
2025-09-30
Last Modified
2026-02-24
References
https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding
https://github.com/coder/agentapi/commit/5c425c62447b8a9eac19e9fc5a2eae7f0803f149
https://github.com/coder/agentapi/pull/49
https://github.com/coder/agentapi/releases/tag/v0.4.0
https://github.com/coder/agentapi/security/advisories/GHSA-w64r-2g3w-w8w4
https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration
https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration/
Patch
https://github.com/coder/agentapi/releases