Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GeekAI net_handler.go Download server-side request forgery
Vulnerability Description
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
GeekAI 代码问题漏洞
Vulnerability Description
GeekAI是GeekMaser个人开发者的一个大语言模型助手。 GeekAI 4.2.4及之前版本存在代码问题漏洞,该漏洞源于文件api/handler/net_handler.go中函数Download对参数url的操作不当,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A