Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FastApiAdmin Download Endpoint controller.py download_controller information disclosure
Vulnerability Description
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
FastAPI Admin 访问控制错误漏洞
Vulnerability Description
FastAPI Admin是FastAPI Admin开源的一个基于 FastAPI 和 TortoiseORM 的快速管理仪表板。 FastAPI Admin 2.2.0及之前版本存在访问控制错误漏洞,该漏洞源于对组件Download Endpoint中文件/backend/app/api/v1/module_common/file/controller.py的函数download_controller的参数file_path的错误操作,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A