Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect Authorization in lunary-ai/lunary
Vulnerability Description
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation ID, due to the lack of project ID verification in the SQL query. As a result, attackers can gain access to potentially private data contained within the evaluation results.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Lunary 安全漏洞
Vulnerability Description
Lunary是lunary开源的一个 LLM 的生产工具包。 Lunary 存在安全漏洞,该漏洞源于SQL 查询中缺乏项目 ID 验证,容易出现身份验证问题,允许未经授权的用户仅通过知道评估 ID 即可检索任何组织的评估结果,攻击者利用该漏洞可以访问评估结果中包含的隐私数据。
CVSS Information
N/A
Vulnerability Type
N/A