Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Vulnerability Description
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Frigate 安全漏洞
Vulnerability Description
Frigate是Blake Blackshear个人开发者的一款专为具有 AI 对象检测功能的家庭助理设计的完整本地 NVR。 Frigate 0.13.2之前版本存在安全漏洞,该漏洞源于当上传文件或检索文件名时,用户可能会故意使用较大的Unicode文件名,这将导致应用程序级拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A