漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Denial of Service in danny-avila/librechat
Vulnerability Description
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
LibreChat 资源管理错误漏洞
Vulnerability Description
LibreChat是Danny Avila个人开发者的一个增强的 ChatGPT 克隆。 LibreChat 0.7.9版本存在资源管理错误漏洞,该漏洞源于/api/memories端点未限制参数值大小,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A