Riasztások

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by...

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by...

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to...

In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance of `CORSMiddleware` which sets the `Access-Control-Allow-Origin` to `*` for...

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests...

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited...

A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the...

automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be...

A vulnerability in langchain-core versions >=0.1.17,=0.2.0,=0.3.0,

A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as `config.py`. This issue affects the...