Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling
Vulnerability Description
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially accessing internal services or cloud credentials. This vulnerability only affects applications that accept message history from external users. This vulnerability is fixed in 1.56.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
pydantic-ai 代码问题漏洞
Vulnerability Description
pydantic-ai是Pydantic开源的一个用于构建生产级应用程序和工作流的生成式AI框架。 pydantic-ai 1.56.0之前版本存在代码问题漏洞,该漏洞源于URL下载功能存在服务端请求伪造漏洞,当应用程序接受来自不可信源的消息历史记录时,攻击者可包含恶意URL,导致服务器向内部网络资源发出HTTP请求,可能访问内部服务或云凭据。
CVSS Information
N/A
Vulnerability Type
N/A