PT-2024-34420 · Unknown · Hopetree Izone Lts
V9D0Go · Published 2024-11-08 · Updated 2024-11-12 · CVE-2024-50811
CVSS v3.1: 9.1 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
hopetree izone lts version c011b48
Description:
A server-side request forgery (SSRF) vulnerability exists in the active push function. The push_urls() and get_urls() functions in apps/tool/apis/bd_push.py do not securely filter user input, so an attacker can make the server issue requests to attacker-chosen URLs, including hosts that are only reachable from the server's own network.
Recommendations:
For version c011b48, modify the push_urls() and get_urls() functions in apps/tool/apis/bd_push.py so that they securely filter user input (for example, accept only URLs whose scheme is http or https and whose host is the site's own host) and SSRF attacks are prevented. As a temporary workaround, consider restricting access to the bd_push.py module to minimize the risk of exploitation.
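As an added example (not code from the izone project; the actual push_urls() and get_urls() implementations are not shown on this page), the following Python shows the kind of filter the recommendation calls for: an allow-list that accepts only http(s) URLs on the site's own host, plus a defense-in-depth rejection of IP literals in loopback, private and link-local ranges. The function names, the host blog.example.com and the sample URLs are hypothetical and constructed for the demonstration.

```python
# Added example (not izone project code): allow-list filtering for the URLs
# that an "active push" style function would submit. Names are hypothetical.
import ipaddress
from urllib.parse import urlsplit, urljoin

ALLOWED_SCHEMES = {"http", "https"}


def is_blocked_ip_literal(host):
    """True if host is an IP literal in a loopback/private/link-local/reserved range.

    With a host allow-list this is defense in depth only: it still stops the
    obvious targets (127.0.0.1, 169.254.169.254, ::1) if the allow-list is
    later misconfigured too broadly.
    """
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a DNS name, not an IP literal
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_push_url(url, allowed_hosts):
    """Return url unchanged if it points at one of allowed_hosts, else raise ValueError.

    Rejects non-http(s) schemes (file://, gopher://, ...), URLs carrying
    userinfo (http://blog.example.com@10.0.0.1/ is really a request to
    10.0.0.1), blocked IP literals, and any host outside the allow-list.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lower-cases the scheme
        raise ValueError("scheme not allowed: %r" % url)
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL: %r" % url)
    host = parts.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        raise ValueError("no host: %r" % url)
    if is_blocked_ip_literal(host):
        raise ValueError("blocked address: %r" % url)
    if host not in allowed_hosts:
        raise ValueError("host not in allow-list: %r" % url)
    return url


def filter_push_urls(urls, allowed_hosts):
    """Split candidate URLs into (accepted, rejected) lists; only the accepted
    ones should ever reach the HTTP client that talks to the push endpoint."""
    accepted, rejected = [], []
    for u in urls:
        try:
            accepted.append(validate_push_url(u, allowed_hosts))
        except ValueError:
            rejected.append(u)
    return accepted, rejected


def build_push_urls(site_base, paths, allowed_hosts):
    """Build absolute URLs from server-side paths instead of trusting client URLs.

    urljoin() alone is not enough: "//evil.example/x" is a scheme-relative URL
    and joins to https://evil.example/x, so the result is still run through
    the allow-list.
    """
    return filter_push_urls([urljoin(site_base, p) for p in paths], allowed_hosts)


if __name__ == "__main__":
    # Constructed sample input for the demonstration.
    hosts = {"blog.example.com"}
    candidates = [
        "https://blog.example.com/article/1/",
        "http://127.0.0.1:8000/admin/",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::1]/",
        "file:///etc/passwd",
        "http://blog.example.com@10.0.0.1/",
    ]
    ok, bad = filter_push_urls(candidates, hosts)
    print("accepted:", ok)
    print("rejected:", bad)
```

Two caveats remain even with this filter: an allow-listed host name can still resolve to an internal address (DNS rebinding) or answer with a redirect to one, so the HTTP client that performs the push should not follow redirects, and a resolution-time check of the resolved address is a further hardening step.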
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Hopetree Izone Lts