Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSRF in danswer-ai/danswer
Vulnerability Description
A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Danswer 跨站请求伪造漏洞
Vulnerability Description
Danswer是Danswer AI开源的一个连接到公司文档、应用程序和人员的人工智能助手。 Danswer v1.4.1版本存在跨站请求伪造漏洞。攻击者利用该漏洞可以在受害者浏览器环境中执行未经授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A