Vulnerability Information
Vulnerability Title
Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`
Vulnerability Description
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious AiScript code to prefix a URL with `../` to step out of the `/api` directory, thereby being able to make requests to other endpoints, such as `/files`, `/url`, and `/proxy`. Version 2025.4.1 fixes the issue.
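The missing check described above, shown as an added example that is not Misskey's own code: a caller-supplied endpoint name is joined onto `/api/` with and without validation. The host `misskey.example`, the function names and the endpoint-name pattern are assumptions made for this illustration.

```javascript
// Added illustration, not Misskey source. ORIGIN, the function names and
// ENDPOINT_NAME are assumptions made for this example.
const ORIGIN = 'https://misskey.example';
const API_PREFIX = '/api/';
// Assumed shape of a legitimate endpoint name, e.g. "notes/create".
const ENDPOINT_NAME = /^[A-Za-z0-9_-]+(?:\/[A-Za-z0-9_-]+)*$/;

// Missing-validation pattern: the caller-supplied name is concatenated and
// the URL parser collapses "../", so the result can leave /api.
function unvalidatedApiUrl(endpoint) {
  return new URL(API_PREFIX + endpoint, ORIGIN);
}

// Validated pattern: allow-list the name, then confirm the normalized URL
// is still on the same origin and under /api/ (defence in depth).
function validatedApiUrl(endpoint) {
  if (typeof endpoint !== 'string' || !ENDPOINT_NAME.test(endpoint)) {
    throw new Error('invalid endpoint name');
  }
  const url = new URL(API_PREFIX + endpoint, ORIGIN);
  if (url.origin !== ORIGIN || !url.pathname.startsWith(API_PREFIX)) {
    throw new Error('endpoint resolves outside /api');
  }
  return url;
}

// Returns the resolved path, or "rejected" when validation refuses the name.
function checkEndpoint(endpoint) {
  try {
    return validatedApiUrl(endpoint).pathname;
  } catch {
    return 'rejected';
  }
}

// Constructed sample inputs.
for (const name of ['notes/create', '../files/sample', '%2e%2e/proxy/sample']) {
  console.log(name, '->', unvalidatedApiUrl(name).pathname, '|', checkEndpoint(name));
}
```

The second check on the normalized URL matters because URL parsers also treat percent-encoded dot segments as `..`, so filtering on the literal string `../` alone is not sufficient.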
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
Misskey Path Traversal Vulnerability
Vulnerability Description
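Misskey is a permanently free, open source, federated social media platform released as open source by Misskey. Misskey versions from 12.31.0 up to, but not including, 2025.4.1 contain a path traversal vulnerability. The vulnerability stems from insufficient validation in `Mk:api` and may lead to unauthorized access to endpoints.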
CVSS Information
N/A
Vulnerability Type
N/A