Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AstrBot 安全漏洞
Vulnerability Description
AstrBot是AstrBot开源的一个多平台 LLM 聊天机器人及开发框架。 AstrBot v3.5.22版本存在安全漏洞,该漏洞源于_encode_image_bs64函数未验证图像路径合法性,可能导致任意文件读取和数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A