Vulnerability Information
Vulnerability Title
OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations
Vulnerability Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file read/write/delete flows if malicious path-like values were introduced. This issue has been patched in version 1.6.3-alpha.
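One way to enforce the base-directory containment the description refers to, shown next to an unchecked join. This is an added example, not OpenSift's code or its patch; `naive_path`, `contained_path`, `PathEscapeError`, `check_samples` and the sample names are hypothetical.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Requested name resolves outside the storage base directory."""


def naive_path(base, name):
    # Unchecked join (the risky pattern): "..", absolute names and symlinks
    # can all point the result outside `base`.
    return Path(os.path.join(base, name))


def contained_path(base, name):
    # Resolve ".." and symlinks on both sides, then require the target to sit
    # strictly below the resolved base (so "" and "." are rejected too).
    root = Path(base).resolve()
    target = (root / name).resolve()
    if root not in target.parents:
        raise PathEscapeError(f"{name!r} resolves outside {root}")
    return target


def check_samples():
    # Constructed inputs, run against a throwaway directory tree.
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "store")
        os.mkdir(base)
        outside = Path(tmp, "outside.txt")
        outside.write_text("not part of the store")
        os.symlink(tmp, os.path.join(base, "link"))  # symlink leaving the base
        root = Path(base).resolve()
        names = {"nested": "notes/a.txt", "dotdot": "../outside.txt",
                 "absolute": str(outside), "symlink": "link/outside.txt"}
        verdicts = {}
        for label, name in names.items():
            naive_escapes = root not in naive_path(base, name).resolve().parents
            try:
                contained_path(base, name)
                checked = "allowed"
            except PathEscapeError:
                checked = "rejected"
            verdicts[label] = (naive_escapes, checked)
        return verdicts
```

Every read, write and delete helper should obtain its path through the same checked function so the containment rule is applied uniformly. A resolve-then-check approach still leaves a race window if another party can replace a path component with a symlink between the check and the file operation.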
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
OpenSift Path Traversal Vulnerability
Vulnerability Description
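OpenSift is an open-source AI learning assistant from OpenSift. Versions of OpenSift prior to 1.6.3-alpha contain a path traversal vulnerability. It stems from the path construction patterns used by multiple storage helpers not uniformly enforcing base-directory containment, which may lead to path-injection risk in file read/write/delete flows.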
CVSS Information
N/A
Vulnerability Type
N/A