漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Input Validation in mintplex-labs/anything-llm
Vulnerability Description
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
AnythingLLM 输入验证错误漏洞
Vulnerability Description
AnythingLLM是符合业务要求的文档聊天机器人。 AnythingLLM存在输入验证错误漏洞,该漏洞源于输入验证不当,具有管理员角色的用户能够制作包含嵌套写入操作的请求,从而创建新的管理员帐户。
CVSS Information
N/A
Vulnerability Type
N/A