Lanfei-4

**Name of the Vulnerable Software and Affected Versions** Dice version 4.2.0 **Description** An arbitrary file upload issue allows attackers to execute arbitrary code via a crafted file. **Recommendations** For Dice version 4.2.0, update to a version that fixes this issue to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mysiteforme version 2.2.1 **Description** The issue is related to a Server-Side Request Forgery. **Recommendations** For mysiteforme version 2.2.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Rebuild version 2.8.3 **Description** A Server-Side Request Forgery (SSRF) issue allows attackers to obtain the real IP address and scan Intranet information via the `fileurl` parameter. This enables attackers to access internal network details. **Recommendations** For Rebuild version 2.8.3, consider restricting access to the `fileurl` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `fileurl` parameter in sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.