Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenViking .ovpack Import ZIP Slip Path Traversal
Vulnerability Description
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or drive prefixes in member names to overwrite or create arbitrary files with the importing process privileges.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
OpenViking 安全漏洞
Vulnerability Description
OpenViking是Volcengine开源的一个人工智能代理的上下文数据库。 OpenViking 0.2.1及之前版本存在安全漏洞,该漏洞源于.ovpack导入处理存在路径遍历,可能导致攻击者通过特制的ZIP归档在预期目录外写入文件。
CVSS Information
N/A
Vulnerability Type
N/A