https://blog.qife122.com/tags/%E4%BB%A3%E7%90%86%E6%BB%A5%E7%94%A8/ Recent content in 代理滥用 on 办公AI智能小助手 Hugo zh-cn qife Wed, 10 Dec 2025 01:11:39 +0800 https://blog.qife122.com/p/marimo-%E6%9C%AA%E7%BB%8F%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%9A%84%E4%BB%A3%E7%90%86%E6%BC%8F%E6%B4%9E%E5%8F%AF%E5%AF%BC%E8%87%B4%E5%86%85%E9%83%A8%E6%9C%8D%E5%8A%A1%E6%9A%B4%E9%9C%B2/ Wed, 10 Dec 2025 01:11:39 +0800 https://blog.qife122.com/p/marimo-%E6%9C%AA%E7%BB%8F%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%9A%84%E4%BB%A3%E7%90%86%E6%BC%8F%E6%B4%9E%E5%8F%AF%E5%AF%BC%E8%87%B4%E5%86%85%E9%83%A8%E6%9C%8D%E5%8A%A1%E6%9A%B4%E9%9C%B2/ <h3 id="漏洞详情">漏洞详情</h3> <p><strong>严重性</strong>：中等</p> <p><strong>漏洞标识符</strong>：GHSA-xjv7-6w92-42r7</p> <p><strong>受影响的版本</strong>：&gt;= 0.9.20, &lt; 0.16.4 <strong>已修复的版本</strong>：0.16.4</p> <h3 id="摘要">摘要</h3> <p>默认安装的 Marimo 中，无需身份验证即可访问的 <code>/mpl/&lt;port&gt;/&lt;route&gt;</code> 端点，允许外部攻击者访问内部服务和任意端口。</p>