漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SSRF in mintplex-labs/anything-llm
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
AnythingLLM 代码问题漏洞
Vulnerability Description
AnythingLLM是符合业务要求的文档聊天机器人。 AnythingLLM 存在代码问题漏洞,该漏洞源于上传链接功能中存在服务器端请求伪造 (SSRF) 漏洞。
CVSS Information
N/A
Vulnerability Type
N/A