Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lobe Chat unauthorized access to plugins
Vulnerability Description
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Lobe Chat 安全漏洞
Vulnerability Description
Lobe Chat是一个开源、高性能的聊天机器人框架。 Lobe Chat存在安全漏洞,该漏洞源于无需适当的授权(无需密码)即可访问插件。
CVSS Information
N/A
Vulnerability Type
N/A