Name of the Vulnerable Software and Affected Versions:

Exrick xboot versions through 3.3.4

Description:

A critical vulnerability exists in Exrick xboot related to the Swagger component. The issue involves server-side request forgery (SSRF) resulting from the manipulation of the `loginUrl` argument within the `SecurityController.java` file located at `xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/`. This manipulation allows for remote attacks. The exploit for this vulnerability has been publicly disclosed.

Recommendations:

Versions prior to 3.3.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability.