Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local File Inclusion in bentoml/openllm
Vulnerability Description
A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords, and other critical data. Unauthorized access to critical server files, such as configuration files, user credentials (/etc/passwd), and private keys, can lead to a complete compromise of the system's security. Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment.
CVSS Information
N/A
Vulnerability Type
路径遍历:’..filename’
Vulnerability Title
OpenLLM 安全漏洞
Vulnerability Description
OpenLLM是BentoML开源的一个开源 LLM。 OpenLLM 0.6.10版本存在安全漏洞,该漏洞源于未对用户输入进行验证,可能导致本地文件包含攻击。
CVSS Information
N/A
Vulnerability Type
N/A