A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Weakness
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Related Attack Patterns
References
- https://github.com/zyddnys/manga-image-translator/
- https://github.com/zyddnys/manga-image-translator/issues/1118
- https://github.com/zyddnys/manga-image-translator/issues/1119
- https://vuldb.com/?ctiid.350390
- https://vuldb.com/?id.350390
- https://vuldb.com/?submit.768180
- https://vuldb.com/?submit.768210
- https://vuldb.com/?submit.768211
- https://vuldb.com/?submit.768212
- https://vuldb.com/?submit.768214
- https://vuldb.com/?submit.768224
- https://vuldb.com/?submit.768225