Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Exposure of Sensitive Information in lunary-ai/lunary
Vulnerability Description
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password resets or account verification, are exposed to unauthorized actors, potentially allowing them to perform actions on behalf of the user. This issue was addressed in version 1.2.6, where the exposure of single-use tokens in user-facing queries was mitigated.
CVSS Information
N/A
Vulnerability Type
敏感信息的不安全存储
Vulnerability Title
Lunary 信息泄露漏洞
Vulnerability Description
Lunary是Lunary开源的一个 LLM 的生产工具包。 Lunary 1.2.5及之前版本存在信息泄露漏洞,该漏洞源于存在信息泄露漏洞,令牌会暴露给未经授权的行为者,从而允许他们代表用户执行操作。
CVSS Information
N/A
Vulnerability Type
N/A