漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
New API has an SQL LIKE Wildcard Injection DoS via Token Search
Vulnerability Description
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the `/api/token/search` endpoint allows authenticated users to cause denial of service through resource exhaustion by crafting malicious search patterns. The token search endpoint accepts user-supplied `keyword` and `token` parameters that are directly concatenated into SQL LIKE clauses without escaping wildcard characters (`%`, `_`). This allows attackers to inject patterns that trigger expensive database queries. Version 0.10.8-alpha.10 contains a patch.
CVSS Information
N/A
Vulnerability Type
数据查询逻辑中特殊元素的不当中和
Vulnerability Title
New API 安全漏洞
Vulnerability Description
New API是QuantumNous开源的一个接口软件。 New API 0.10.8-alpha.10之前版本存在安全漏洞,该漏洞源于/api/token/search端点存在SQL LIKE通配符注入,可能导致通过资源消耗进行拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A