Vulnerability Information
Vulnerability Title
Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
Vulnerability Description
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by supplying input that is matched against the regular expression /{{(.*?)}}/g, causing the server to hang indefinitely and become unresponsive to any requests. The regular expression has second-degree polynomial (quadratic) time complexity, which can be triggered by a large number of braces in the input.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
Lunary Resource Management Error Vulnerability
Vulnerability Description
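Lunary is an open-source production toolkit for LLMs from Lunary. Lunary version be54057 contains a resource management error vulnerability, which stems from a regular expression in the compileTextTemplate function that may lead to a regular expression denial-of-service attack.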
CVSS Information
N/A
Vulnerability Type
N/A
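Mitigation sketch (an added example, not lunary's code and not the project's fix): a single-pass placeholder scanner that replaces the /{{(.*?)}}/g substitution described above and caps input length. The function names, the 100000-character cap and the "missing variable becomes an empty string" behaviour are assumptions made for illustration.

```javascript
// Added example; not lunary's code. Function names are hypothetical.
const PLACEHOLDER_RE = /{{(.*?)}}/g; // pattern quoted in the advisory

// Own-property lookup so keys such as "constructor" do not resolve via the prototype.
function lookup(vars, key) {
  return Object.prototype.hasOwnProperty.call(vars, key) ? String(vars[key]) : "";
}

// Regex-based substitution (assumed shape), kept only for comparison on small input.
function compileWithRegex(template, vars) {
  return template.replace(PLACEHOLDER_RE, (_m, key) => lookup(vars, key.trim()));
}

// Single-pass scanner. The regex retries the lazy group from every "{{" when no
// "}}" follows, which is where the quadratic cost comes from; here the first
// failed search for "}}" ends the scan, because no later opener can close either.
// Difference from the regex: a placeholder may span a line break.
function compileLinear(template, vars, maxLen = 100000) {
  if (typeof template !== "string") throw new TypeError("template must be a string");
  if (template.length > maxLen) throw new RangeError("template too long");
  let out = "";
  let pos = 0;
  while (pos < template.length) {
    const open = template.indexOf("{{", pos);
    if (open === -1) break;
    const close = template.indexOf("}}", open + 2);
    if (close === -1) break; // unclosed opener: keep the rest verbatim
    out += template.slice(pos, open);
    out += lookup(vars, template.slice(open + 2, close).trim());
    pos = close + 2;
  }
  return out + template.slice(pos);
}

// Constructed sample input.
const sample = "Hello {{ name }}, your plan is {{plan}}. {{ unclosed";
console.log(compileLinear(sample, { name: "Ada", plan: "team" }));
```

Rejecting over-length templates before any matching bounds the work per request even if a regex is kept elsewhere in the code path.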