Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Overwrite in danswer-ai/danswer
Vulnerability Description
An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials method, where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write file contents. This allows attackers to overwrite or create arbitrary files if a zuliprc- directory already exists in the temporary directory.
CVSS Information
N/A
Vulnerability Type
路径遍历:’..filename’
Vulnerability Title
Danswer 安全漏洞
Vulnerability Description
Danswer是Danswer AI开源的一个连接到公司文档、应用程序和人员的人工智能助手。 Danswer存在安全漏洞,该漏洞源于任意文件覆盖,可能导致文件系统被篡改。
CVSS Information
N/A
Vulnerability Type
N/A