Vulnerability Information
Vulnerability Title
Potential Information Leak in User-Constructed Message Templates in nonebot2
Vulnerability Description
nonebot2 is a cross-platform asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers use `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template.
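The workaround described above, shown as an added example that is not nonebot2's code and not the change made in pull request #2509. It assumes Python's standard `string.Formatter` as a stand-in for a format-style template class; `Session`, `render_unsafe`, `filter_underscores`, `NoPrivateFormatter`, `render_hardened` and `leaks` are hypothetical names, and the secret value is constructed.

```python
import _string  # CPython helper that string.Formatter itself uses to split field names
import string

class Session:
    """Constructed stand-in for an object a bot passes into a template."""
    def __init__(self, nickname, token):
        self.nickname = nickname
        self._token = token  # constructed secret, not meant for users

def render_unsafe(user_template, session):
    # User text becomes the template itself: fields may traverse attributes.
    return string.Formatter().format(user_template, user=session)

def filter_underscores(user_text):
    # The advisory's temporary workaround: drop underscores from user input.
    return user_text.replace("_", "")

class NoPrivateFormatter(string.Formatter):
    """Refuses attribute or item lookups on underscore-prefixed names."""
    def get_field(self, field_name, args, kwargs):
        first, rest = _string.formatter_field_name_split(field_name)
        obj = self.get_value(first, args, kwargs)
        for is_attr, key in rest:
            if isinstance(key, str) and key.startswith("_"):
                raise ValueError(f"private name {key!r} not allowed in template")
            obj = getattr(obj, key) if is_attr else obj[key]
        return obj, first

def render_hardened(user_template, session):
    return NoPrivateFormatter().format(user_template, user=session)

def leaks(render, template, session):
    """True if the rendered text contains the constructed secret."""
    try:
        return session._token in render(template, session)
    except (AttributeError, KeyError, IndexError, ValueError):
        return False

if __name__ == "__main__":
    s = Session("alice", "s3cr3t-constructed")
    probe = "hello {user._token}"  # constructed user input
    print(leaks(render_unsafe, probe, s))
    print(leaks(render_unsafe, filter_underscores(probe), s))
    print(leaks(render_hardened, probe, s))
    print(render_hardened("hello {user.nickname}", s))
```

Filtering underscores also mangles legitimate text such as `user_name`, which is why it is only a stopgap until the upgrade to a patched release.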
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
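Information Exposure
Vulnerability Title
NoneBot Security Vulnerability
Vulnerability Description
NoneBot is a modern, cross-platform, extensible Python chatbot framework open-sourced by NoneBot. nonebot2 versions 2.0.0a16 through 2.1.3 contain a security vulnerability that stems from an information leak in MessageTemplate.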
CVSS Information
N/A
Vulnerability Type
N/A