Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MaxKB has a reverse shell vulnerability in function library
Vulnerability Description
MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allow privileged users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
MaxKB 代码注入漏洞
Vulnerability Description
MaxKB是1Panel-dev开源的一款基于大语言模型和 RAG 的开源知识库问答系统。 MaxKB存在代码注入漏洞,该漏洞源于函数库模块存在反向Shell漏洞,允许特权用户创建反向Shell。
CVSS Information
N/A
Vulnerability Type
N/A