Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Coral Server has insufficient validation of agent identity for SSE connections
Vulnerability Description
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Server did not strongly validate that a connecting agent was a legitimate participant in the session. This could theoretically allow unauthorized message injection or observation. This vulnerability is fixed in 1.1.0.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
coral-server 安全漏洞
Vulnerability Description
coral-server是CoralOS开源的一个基于Docker的服务器运行与配置管理工具。 coral-server 1.1.0之前版本存在安全漏洞,该漏洞源于SSE端点未严格验证连接代理的合法性,可能导致未经授权的消息注入或观察。
CVSS Information
N/A
Vulnerability Type
N/A