OpenBMB XAgent community path traversal

A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

对路径名的限制不恰当(路径遍历)

XAgent 路径遍历漏洞

XAgent是OpenBMB开源的一个开源的实验性大型语言模型（LLM）驱动的自治代理。 XAgent 1.0.0及之前版本存在路径遍历漏洞，该漏洞源于文件/conv/community存在路径遍历。

N/A

N/A