Bytedesk
Monthly
Server-side request forgery in Bytedesk versions up to 1.3.9 allows authenticated attackers to manipulate the apiUrl parameter in the SpringAIGiteeRestService component, enabling them to make arbitrary network requests from the affected server. Public exploit code exists for this vulnerability, which requires valid user credentials to exploit. Users should upgrade to version 1.4.5.4 or later to remediate the issue.
Server-side request forgery in Bytedesk versions up to 1.3.9 allows authenticated attackers to manipulate the apiUrl parameter in the SpringAIOpenrouterRestController, enabling arbitrary HTTP requests from the affected server. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. Upgrading to version 1.4.5.4 or later resolves this issue.
Unrestricted file upload in Bytedesk versions up to 1.3.9 allows authenticated remote attackers to upload arbitrary SVG files through the handleFileUpload function in UploadRestService.java. Public exploit code exists for this vulnerability, and attackers can leverage it to bypass file upload restrictions and potentially execute malicious content. Upgrade to version 1.4.5.1 or apply patch 975e39e4dd527596987559f56c5f9f973f64eff7 to remediate.
Unrestricted file upload in Bytedesk versions up to 1.3.9 allows authenticated remote attackers to upload malicious SVG files through the UploadRestController component. Public exploit code exists for this vulnerability, which could enable attackers to execute arbitrary code or compromise system integrity. Update to version 1.4.5.1 or later to remediate this issue.
Server-side request forgery in Bytedesk versions up to 1.3.9 allows authenticated attackers to manipulate the apiUrl parameter in the SpringAIGiteeRestService component, enabling them to make arbitrary network requests from the affected server. Public exploit code exists for this vulnerability, which requires valid user credentials to exploit. Users should upgrade to version 1.4.5.4 or later to remediate the issue.
Server-side request forgery in Bytedesk versions up to 1.3.9 allows authenticated attackers to manipulate the apiUrl parameter in the SpringAIOpenrouterRestController, enabling arbitrary HTTP requests from the affected server. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. Upgrading to version 1.4.5.4 or later resolves this issue.
Unrestricted file upload in Bytedesk versions up to 1.3.9 allows authenticated remote attackers to upload arbitrary SVG files through the handleFileUpload function in UploadRestService.java. Public exploit code exists for this vulnerability, and attackers can leverage it to bypass file upload restrictions and potentially execute malicious content. Upgrade to version 1.4.5.1 or apply patch 975e39e4dd527596987559f56c5f9f973f64eff7 to remediate.
Unrestricted file upload in Bytedesk versions up to 1.3.9 allows authenticated remote attackers to upload malicious SVG files through the UploadRestController component. Public exploit code exists for this vulnerability, which could enable attackers to execute arbitrary code or compromise system integrity. Update to version 1.4.5.1 or later to remediate this issue.