Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Authentication in infiniflow/ragflow
Vulnerability Description
In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilitate further attacks, such as phishing or spam, and result in loss of trust and potential regulatory issues.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
RAGFlow 安全漏洞
Vulnerability Description
RAGFlow是InfiniFlow开源的一个基于深度文档理解的开源 RAG 引擎。 RAGFlow v0.12.0版本存在安全漏洞,该漏洞源于未正确验证身份验证,可能导致隐私泄露。
CVSS Information
N/A
Vulnerability Type
N/A