Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
Vulnerability Description
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. This issue has been patched in version 0.2.2.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
OpenChatBI 路径遍历漏洞
Vulnerability Description
OpenChatBI是Yu Zhong个人开发者的一个基于自然语言对话的智能数据分析与可视化工具。 OpenChatBI 0.2.2之前版本存在路径遍历漏洞,该漏洞源于openchatbi/tool/save_report.py中的save_report工具对file_format参数输入清理不足,可能导致路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A