N/A

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.

N/A

通过用户控制密钥绕过授权机制

Chainlit 安全漏洞

Chainlit是chainlit开源的一个大模型对话界面框架。 Chainlit 2.8.5之前版本存在安全漏洞，该漏洞源于存在通过用户控制密钥的授权绕过，可能导致攻击者登录后查看线程或获取线程所有权。

N/A

N/A