Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LangBot has a cross-directory file upload vulnerability, which could lead to system takeover
Vulnerability Description
LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5.
CVSS Information
N/A
Vulnerability Type
相对路径遍历
Vulnerability Title
LangBot 代码问题漏洞
Vulnerability Description
LangBot是LangBot开源的一个大模型即时通信机器人开发平台。 LangBot 4.1.0版本至4.3.5之前版本存在代码问题漏洞,该漏洞源于/api/v1/files/documents接口未严格限制服务器文件存储目录,可能导致任意文件上传。
CVSS Information
N/A
Vulnerability Type
N/A