漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Data Poisoning in EmbedAI
Vulnerability Description
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
PrivateGPT 安全漏洞
Vulnerability Description
PrivateGPT是一个 AI 项目。 PrivateGPT存在安全漏洞,该漏洞源于缺乏安全会话管理实现以及CORS策略薄弱,导致存在跨站请求伪造(CSRF)漏洞。攻击者可以用该漏洞引发数据中毒攻击。
CVSS Information
N/A
Vulnerability Type
N/A