Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway
Vulnerability Description
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
CWE-1336
Vulnerability Title
GitLab AI Gateway 安全漏洞
Vulnerability Description
GitLab AI Gateway是美国GitLab公司的一个人工智能服务中间件。 GitLab AI Gateway 18.1.6版本、18.2.6版本、18.3.1版本至18.6.1版本、18.7.0版本和18.8.0版本存在安全漏洞,该漏洞源于通过特制Duo Agent Platform Flow定义对用户提供的数据进行不安全的模板扩展,可能导致拒绝服务或获得网关上的代码执行权限。
CVSS Information
N/A
Vulnerability Type
N/A