漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Path Equivalence Resolution in lunary-ai/lunary
Vulnerability Description
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the path. As a result, attackers can obtain and modify sensitive data and utilize other organizations' resources without proper authentication.
CVSS Information
N/A
Vulnerability Type
对路径等价的解析不恰当
Vulnerability Title
Lunary 安全漏洞
Vulnerability Description
Lunary是Lunary开源的一个 LLM 的生产工具包。 Lunary afc5df4版本存在安全漏洞,该漏洞源于权限检查机制存在缺陷,可能导致未授权访问敏感端点。
CVSS Information
N/A
Vulnerability Type
N/A