Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CORS Misconfiguration in netease-youdao/qanything
Vulnerability Description
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such security issues.
CVSS Information
N/A
Vulnerability Type
源验证错误
Vulnerability Title
NetEase QAnything 访问控制错误漏洞
Vulnerability Description
NetEase QAnything是中国网易(NetEase)公司的致力于支持任意格式文件或数据库的本地知识库问答系统,可断网安装使用。 NetEase QAnything 1.4.1版本存在访问控制错误漏洞,该漏洞源于CORS配置不当,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A