Vulnerability Information
Vulnerability Title
Server Side Request Forgery (SSRF) in imartinez/privategpt
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically, by manipulating the 'path' parameter in a file upload request, an attacker can cause the application to make arbitrary requests to internal services, including the AWS metadata endpoint. This issue could lead to the exposure of internal servers and sensitive data.
CVSS Information
N/A
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
PrivateGPT Security Vulnerability
Vulnerability Description
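PrivateGPT is an AI project. PrivateGPT version 0.5.0 contains a security vulnerability that stems from its susceptibility to server-side request forgery (SSRF) attacks, allowing attackers to send crafted requests that lead to unauthorized access and potentially sensitive information.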
CVSS Information
N/A
Vulnerability Type
N/A