Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
simstudioai sim CRON Secret internal.ts improper authentication
Vulnerability Description
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is e359dc2946b12ed5e45a0ec9c95ecf91bd18502a. Applying a patch is the recommended action to fix this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Improper Authentication
Vulnerability Title
Sim Studio Security Vulnerability
Vulnerability Description
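Sim Studio is an open-source AI agent workflow builder from Sim Studio. Sim Studio 0.5.27 and earlier versions contain a security vulnerability that stems from improper handling of the INTERNAL_API_SECRET parameter in the file apps/sim/lib/auth/internal.ts, which may lead to improper authentication.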
CVSS Information
N/A
Vulnerability Type
N/A