Vulnerability Information
Vulnerability Title
Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`
Vulnerability Description
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious AiScript code to prefix a URL with `../` to step out of the `/api` directory, thereby being able to make requests to other endpoints, such as `/files`, `/url`, and `/proxy`. Version 2025.4.1 fixes the issue.
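The following is an added example, not Misskey's code or its actual fix: it shows how standard URL resolution collapses a `../` prefix so that a request meant for `/api` resolves outside it, beside a check that rejects such endpoint strings. The host `misskey.example` and the names `API_BASE`, `resolveNaive` and `resolveChecked` are assumptions made for illustration.

```javascript
// Added illustration only. API_BASE, resolveNaive and resolveChecked are
// hypothetical names; misskey.example is a constructed host.
const API_BASE = 'https://misskey.example/api/';

// Unvalidated: the endpoint string is resolved against the API base as-is.
// URL normalisation removes dot segments, so "../" steps out of /api.
function resolveNaive(endpoint) {
  return new URL(endpoint, API_BASE).pathname;
}

// Validated: accept only plain endpoint names, then confirm the resolved
// URL is still on the same origin and still under the /api/ prefix.
function resolveChecked(endpoint) {
  if (typeof endpoint !== 'string' || endpoint.length === 0) {
    throw new TypeError('endpoint must be a non-empty string');
  }
  let decoded;
  try {
    decoded = decodeURIComponent(endpoint); // catch %2e%2e style encodings
  } catch (e) {
    throw new Error('endpoint is not valid percent-encoding');
  }
  // No scheme, query or fragment characters in an endpoint name.
  if (/[?#:]/.test(decoded)) {
    throw new Error('endpoint contains a reserved character');
  }
  // No empty, "." or ".." segments, with either slash style.
  const segments = decoded.split(/[\\/]/);
  if (segments.some((s) => s === '' || s === '.' || s === '..')) {
    throw new Error('endpoint contains a traversal or empty segment');
  }
  // Defence in depth: check the result after normalisation as well.
  const base = new URL(API_BASE);
  const url = new URL(endpoint, base);
  if (url.origin !== base.origin || !url.pathname.startsWith(base.pathname)) {
    throw new Error('resolved URL is outside the API prefix');
  }
  return url.pathname;
}
```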
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
Misskey Path Traversal Vulnerability
Vulnerability Description
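Misskey is a permanently free, open source, federated social media platform open-sourced by Misskey. Misskey versions 12.31.0 up to, but not including, 2025.4.1 contain a path traversal vulnerability. The vulnerability stems from insufficient validation in Mk:api and may lead to unauthorized access to endpoints.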
CVSS Information
N/A
Vulnerability Type
N/A