Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
从非可信源包含Web功能例程
Vulnerability Title
Anki 安全漏洞
Vulnerability Description
Anki是Ankitects开源的一个Anki的共享后端和web组件,以及Qt前端。 Anki 25.02及之前版本存在安全漏洞,该漏洞源于特制共享牌组可能导致攻击者控制内部API访问。
CVSS Information
N/A
Vulnerability Type
N/A