CNNVD-202511-484 Information

CNNVD ID

CNNVD-202511-484

Related CVE

CVE-2025-64327

• CNNVD Published: 2025-11-06

Description (Chinese)

ThinkDashboard是MatiasDesu个人开发者的一个轻量级的、自托管的书签仪表板。 ThinkDashboard 0.6.7及之前版本存在安全漏洞，该漏洞源于/api/ping?url=端点存在服务器端请求伪造漏洞，可能导致攻击者向内部或外部主机发送任意请求。

Description (English)

ThinkDashboard is a lightweight, self-hosted bookmark dashboard for Matias Desu personal developers. ThinkDashboard 0.6.7 and previous versions had a security loophole, which originated in/api/ping?url=end where server requests were forged, which could lead the attackers to send arbitrary requests to internal or external hosts.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-06

Last Modified

2026-02-24

References

https://github.com/MatiasDesuu/ThinkDashboard/commit/16976263b22a4b0526b2c7c30294cc099258edae https://github.com/MatiasDesuu/ThinkDashboard/releases/tag/0.6.8 https://github.com/MatiasDesuu/ThinkDashboard/security/advisories/GHSA-p52r-qq3j-8p78

Patch

https://github.com/MatiasDesuu/ThinkDashboard/releases