Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery (SSRF) in vanna-ai/vanna
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`, `read_csv_auto`, `read_text`, and `read_blob`, to make unauthorized requests to internal or external resources. This can lead to unauthorized access to sensitive data, internal systems, and potentially further attacks.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Vanna 代码问题漏洞
Vulnerability Description
Vanna是Vanna公司的一个个性化 AI SQL 代理。 Vanna存在代码问题漏洞,该漏洞源于使用DuckDB作为数据库时存在服务器端请求伪造,攻击者可以通过提交特制的SQL查询进行未经授权的请求。
CVSS Information
N/A
Vulnerability Type
N/A