漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes
Vulnerability Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
LibreChat 安全漏洞
Vulnerability Description
LibreChat是Danny Avila个人开发者的一个增强的 ChatGPT 克隆。 LibreChat 0.8.0及之前版本存在安全漏洞,该漏洞源于未充分验证JSON请求输入,可能导致非预期的提示修改。
CVSS Information
N/A
Vulnerability Type
N/A