PT-2026-60926 · Sipeed · Picoclaw
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Sipeed PicoClaw versions prior to 0.3.0
Description
An issue exists in the
web fetch() function within the pkg/tools/integration/web.go file that allows for server-side request forgery (SSRF), a condition where an attacker can induce the server to make requests to an unintended location. This flaw enables remote exploitation.Recommendations
Deploy patch c15aac21fe05ee103a470e1104bc891754e83392 for versions prior to 0.3.0.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Picoclaw