Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine
Vulnerability Description
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
CWE-1336
Vulnerability Title
PySpur 安全漏洞
Vulnerability Description
PySpur是PySpur开源的一个代理工作流的可视化游乐场:迭代代理的速度提高10倍。 PySpur 0.1.18及之前版本存在安全漏洞,该漏洞源于对文件backend/pyspur/nodes/llm/single_llm_call.py中参数user_message的错误操作导致模板引擎特殊元素中和不当。
CVSS Information
N/A
Vulnerability Type
N/A