Sipeed PicoClaw
- <= 0.2.9
A server-side request forgery (SSRF) vulnerability has been identified in Sipeed PicoClaw versions through 0.2.9. The issue resides in the 'isPrivateOrRestrictedIP' function within 'pkg/tools/integration/web.go', specifically in the 'web_fetch' component. The vulnerability arises because the IP restriction logic fails to block special-use IPv4 addresses, such as '198.18.0.0/15', which should be considered restricted. This oversight allows an attacker to bypass the application's network egress policy and access internal resources via the 'web_fetch' tool.
Exploitation of this vulnerability bypasses the application's outbound network restrictions, allowing unauthorized access to external services or internal resources that could be exploited for further attacks.
The vulnerability can be reproduced by using the 'web_fetch' tool to request a URL that includes a special-use IPv4 address within the '198.18.0.0/15' range. This request will successfully bypass the application's SSRF protections and reach the intended destination, demonstrating the vulnerability.
Users are advised to update to Sipeed PicoClaw version 0.3.1 or later, where this vulnerability has been patched.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.