Vulnerability Information
Vulnerability Title
manga-image-translator Shared API Unsafe Deserialization RCE
Vulnerability Description
manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-based authorization check is intended to restrict access, the nonce defaults to an empty string and the check is skipped, allowing remote attackers to execute arbitrary code in the server context by sending a crafted pickle payload.
CVSS Information
N/A
Vulnerability Type
Deserialization of Untrusted Data
Vulnerability Title
Manga/Image Translator Code Issue Vulnerability
Vulnerability Description
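Manga/Image Translator is a tool by the individual developer zyddnys for translating text inside images. Manga/Image Translator beta-0.3 and earlier versions contain a code issue vulnerability. The vulnerability arises because FastAPI endpoints deserialize attacker-controlled request bodies with pickle.loads without validation, which may lead to unauthenticated remote code execution.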
CVSS Information
N/A
Vulnerability Type
N/A
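An added example, not code from manga-image-translator or from this record: a simplified model of the fail-open nonce check the description outlines, next to a fail-closed check and a data-only JSON decoder used in place of pickle.loads(). The function names, the method allow-list and the sample inputs are assumptions made for illustration.

```python
import hmac
import json

ALLOWED_METHODS = {"translate"}        # hypothetical allow-list of {method} values
SAMPLE_PICKLE_BODY = b"\x80\x04N."     # constructed: benign pickle stream for None


def check_nonce_fail_open(configured: str, presented: str) -> bool:
    """Model of the flaw: an empty configured nonce skips the check entirely."""
    if configured:
        return hmac.compare_digest(configured.encode(), presented.encode())
    return True  # no nonce configured, so every caller is accepted


def check_nonce_fail_closed(configured: str, presented: str) -> bool:
    """Hardened form: a missing or empty nonce is a refusal, never a bypass."""
    if not configured or not presented:
        return False
    return hmac.compare_digest(configured.encode(), presented.encode())


def parse_body(method: str, body: bytes) -> dict:
    """Decode the request body as plain data; JSON cannot construct objects."""
    if method not in ALLOWED_METHODS:
        raise ValueError("unknown method")
    try:
        params = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(params, dict):
        raise ValueError("body must be a JSON object")
    return params


def handle(configured: str, presented: str, method: str, body: bytes):
    """Authorize first, then parse; returns (status, params)."""
    if not check_nonce_fail_closed(configured, presented):
        return 401, None
    try:
        return 200, parse_body(method, body)
    except ValueError:
        return 400, None


if __name__ == "__main__":
    print(check_nonce_fail_open("", "anything"))                 # check skipped
    print(handle("", "", "translate", b'{"text": "hi"}'))        # refused
    print(handle("k", "k", "translate", SAMPLE_PICKLE_BODY))     # rejected as data
    print(handle("k", "k", "translate", b'{"text": "hi"}'))      # accepted
```

Refusing to start in shared mode when no nonce is configured is a further option, so that the empty default can never reach the request path.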