Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Session 1.17.5 - LFR via chat attachment
Vulnerability Description
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Session 路径遍历漏洞
Vulnerability Description
Session是Oxen开源的一种新型的加密私人信使。 Session 1.17.5版本存在路径遍历漏洞。攻击者利用该漏洞可以从用户的设备获取内部应用程序文件和公共文件。
CVSS Information
N/A
Vulnerability Type
N/A