Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
RAGFlow 安全漏洞
Vulnerability Description
RAGFlow是InfiniFlow开源的一个基于深度文档理解的开源 RAG 引擎。 RAGFlow 0.18.1及之前版本存在安全漏洞,该漏洞源于暴力破解攻击可能导致账户接管。
CVSS Information
N/A
Vulnerability Type
N/A