Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Authorization on Delete Datasets in lunary-ai/lunary
Vulnerability Description
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1/datasets` is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a dataset by sending a DELETE request to the endpoint. The issue was fixed in version 1.2.8. The impact of this vulnerability is significant as it permits unauthorized users to delete datasets, potentially leading to data loss or disruption of service.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
Lunary 安全漏洞
Vulnerability Description
Lunary是lunary开源的一个 LLM 的生产工具包。 Lunary 1.2.2版本存在安全漏洞,该漏洞源于缺少授权和身份验证机制,允许任何用户通过向端点发送DELETE请求来删除数据集,导致数据丢失或服务中断。
CVSS Information
N/A
Vulnerability Type
N/A