Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kilo Code Prompt ClineProvider.ts ClineProvider injection
Vulnerability Description
A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be initiated remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Kilo Code 安全漏洞
Vulnerability Description
Kilo Code是Kilo Code开源的一个AI编码助手。 Kilo Code 4.86.0及之前版本存在安全漏洞,该漏洞源于对Prompt Handler组件中ClineProvider函数操作不当,可能导致注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A