Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP Request Smuggling in netease-youdao/qanything
Vulnerability Description
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution.
CVSS Information
N/A
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
NetEase QAnything 环境问题漏洞
Vulnerability Description
NetEase QAnything是中国网易(NetEase)公司的致力于支持任意格式文件或数据库的本地知识库问答系统,可断网安装使用。 NetEase QAnything 1.4.1版本存在环境问题漏洞,该漏洞源于HTTP请求走私,可能导致未经授权的访问和任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A