Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Path Equivalence Resolution in lunary-ai/lunary
Vulnerability Description
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the path. As a result, attackers can obtain and modify sensitive data and utilize other organizations' resources without proper authentication.
CVSS Information
N/A
Vulnerability Type
对路径等价的解析不恰当
Vulnerability Title
Lunary 安全漏洞
Vulnerability Description
Lunary是Lunary开源的一个 LLM 的生产工具包。 Lunary afc5df4版本存在安全漏洞,该漏洞源于权限检查机制存在缺陷,可能导致未授权访问敏感端点。
CVSS Information
N/A
Vulnerability Type
N/A