Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
milvus HTTP Endpoint expr.go expr.Exec deserialization
Vulnerability Description
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. A fix is planned for the next release 2.6.8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
milvus 代码问题漏洞
Vulnerability Description
milvus是The Milvus Project开源的一个高性能的云原生矢量数据库。 milvus 2.6.7及之前版本存在代码问题漏洞,该漏洞源于对组件HTTP Endpoint的文件pkg/util/expr/expr.go中函数expr.Exec的参数code的错误操作,可能导致反序列化攻击。
CVSS Information
N/A
Vulnerability Type
N/A