Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenSift: Race-prone local persistence could cause state corruption/loss
Vulnerability Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state across sessions/study/quiz/flashcard/wellness/auth stores. This issue has been fixed in version 1.1.3-alpha.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
OpenSift 安全漏洞
Vulnerability Description
OpenSift是OpenSift开源的一款人工智能学习助手。 OpenSift 1.1.2-alpha及之前版本存在安全漏洞,该漏洞源于使用非原子且同步不足的本地JSON持久化流程,可能导致并发操作丢失更新或损坏跨会话、学习、测验、闪卡、健康、身份验证存储的本地状态。
CVSS Information
N/A
Vulnerability Type
N/A