Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MaxKB Python Sandbox Bypass in Function Library
Vulnerability Description
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
MaxKB 安全漏洞
Vulnerability Description
MaxKB是1Panel-dev开源的一款基于大语言模型和 RAG 的开源知识库问答系统。 MaxKB 1.10.8-lts之前版本存在安全漏洞,该漏洞源于沙盒仅限制常见目录中二进制文件的执行权限,可能导致攻击者利用非黑名单目录中的文件进行攻击。
CVSS Information
N/A
Vulnerability Type
N/A