PT-2026-57952 · Nextlevelbuilder · Goclaw
Eric-B
·
Publicado
2026-07-14
·
Atualizado
2026-07-14
·
CVE-2026-15624
CVSS v3.1
6.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/create video byteplus.go of the component invoke Endpoint. The manipulation of the argument output.video url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Exploit
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Goclaw