Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
prompts.chat Blind SSRF via media-generate
Vulnerability Description
prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests to the /api/media-generate endpoint to probe internal networks, access internal services, and exfiltrate data through the upstream Wiro service without receiving direct response bodies.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
prompts.chat code issue vulnerability
Vulnerability Description
prompts.chat is an open-source AI prompt library by the individual developer Fatih Kadir Akın. Versions of prompts.chat prior to 1464475 contain a code issue vulnerability caused by a blind server-side request forgery in the Wiro media generator, which may allow authenticated users to probe internal networks, access internal services and exfiltrate data by controlling the inputImageUrl parameter.
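Both descriptions above come down to the same defect: a user-supplied inputImageUrl is fetched server-side without being checked. The following is an added example, not prompts.chat's own code and not the fix in commit 1464475, of the fail-closed check a media-generate handler should apply before passing such a URL to any fetch or upstream service; the function names and the DNS lookup table are constructed, and the resolver is injected so the check runs offline here.

```typescript
// Added example (not prompts.chat's code): fail-closed allow check for a
// user-supplied inputImageUrl. Resolver is injected; names are hypothetical.
type Resolver = (hostname: string) => string[];

// True for IPv4 literals a server must never fetch on a user's behalf: loopback,
// RFC 1918, link-local (cloud metadata at 169.254.169.254), CGNAT, 0/8, >=224/8.
function isBlockedIPv4(ip: string): boolean {
  const p = ip.split(".").map(Number);
  if (p.length !== 4 || p.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return true;
  const [a, b] = p;
  return a === 0 || a === 10 || a === 127 || a >= 224 ||
    (a === 169 && b === 254) || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 100 && b >= 64 && b <= 127);
}

// IPv6: loopback/unspecified, unique-local fc00::/7, link-local fe80::/10, and
// IPv4-mapped addresses, which are re-checked with the IPv4 rules.
function isBlockedIPv6(ip: string): boolean {
  const v = ip.toLowerCase();
  if (v === "::1" || v === "::" || /^f[cd]/.test(v) || /^fe[89ab]/.test(v)) return true;
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(v);
  return mapped ? isBlockedIPv4(mapped[1]) : false;
}

// Returns null if the URL may be fetched, otherwise a reason to log and reject with 400.
// Every resolved address is checked, so a name mixing public and private records fails.
function rejectReason(raw: string, resolve: Resolver): string | null {
  let url: URL | undefined;
  try { url = new URL(raw); } catch { /* handled below */ }
  if (!url) return "unparseable URL";
  if (url.protocol !== "https:") return `scheme not allowed: ${url.protocol}`;
  if (url.username || url.password) return "credentials in URL";
  const host = url.hostname.replace(/^\[|\]$/g, ""); // WHATWG keeps [] on IPv6
  if (host === "localhost" || host.endsWith(".localhost")) return "localhost";
  const isLiteral = host.includes(":") || /^\d+\.\d+\.\d+\.\d+$/.test(host);
  const addrs = isLiteral ? [host] : resolve(host);
  if (addrs.length === 0) return "hostname did not resolve";
  for (const ip of addrs) {
    if (ip.includes(":") ? isBlockedIPv6(ip) : isBlockedIPv4(ip)) return `blocked address ${ip}`;
  }
  return null;
}

// Constructed stand-in for DNS so the example runs offline.
const table: Record<string, string[]> = {
  "cdn.example.com": ["203.0.113.10"],
  "mixed.example.com": ["203.0.113.5", "10.0.0.8"],
};
const sampleResolver: Resolver = (h) => table[h] ?? [];
```

In production the resolver should be the real DNS lookup and the fetch should connect to the already-validated address rather than re-resolving the hostname, so a record that changes between check and use is not honoured.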
CVSS Information
N/A
Vulnerability Type
N/A