漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Access Control in lunary-ai/lunary
Vulnerability Description
An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Lunary 访问控制错误漏洞
Vulnerability Description
Lunary是lunary开源的一个 LLM 的生产工具包。 Lunary 1.2.2及之前版本存在访问控制错误漏洞,该漏洞源于允许未经授权的用户通过向未充分验证提示ID所有权的端点提供特定提示ID来查看任何项目中的任何提示。
CVSS Information
N/A
Vulnerability Type
N/A