Vulnerability Information
Vulnerability Title
Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
Vulnerability Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.
CVSS Information
N/A
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
Langflow path traversal vulnerability
Vulnerability Description
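Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.7.1 contain a path traversal vulnerability, which stems from insufficiently strict filtering of the parameters of the /profile_pictures/{folder_name}/{file_name} endpoint and may allow the secret_key to be read across directories.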
CVSS Information
N/A
Vulnerability Type
N/A
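One way to strictly filter the folder_name and file_name parameters described above, shown beside the unfiltered join. This is an added example, not Langflow's code or its 1.7.1 patch; the function names, directory layout and file contents are constructed for illustration.

```python
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """Raised when a request parameter would leave the served directory."""


def naive_resolve(base: Path, folder_name: str, file_name: str) -> Path:
    # Weak form: parameters are joined as-is, so ".." walks out of base.
    return (base / folder_name / file_name).resolve()


def safe_resolve(base: Path, folder_name: str, file_name: str) -> Path:
    base = base.resolve()
    for part in (folder_name, file_name):
        # Each parameter must be exactly one plain path component.
        if part in ("", ".", "..") or any(c in part for c in "/\\\x00"):
            raise UnsafePath(f"rejected component: {part!r}")
    candidate = (base / folder_name / file_name).resolve()
    # Containment check after resolution also catches symlink escapes.
    if not candidate.is_relative_to(base):
        raise UnsafePath(f"{candidate} is outside {base}")
    return candidate


def demo() -> dict:
    # Constructed layout: a secret file stored one level above the pictures.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        base = root / "profile_pictures"
        (base / "People").mkdir(parents=True)
        (base / "People" / "avatar.svg").write_text("<svg/>")
        (root / "secret_key").write_text("constructed-secret")
        out = {"ok": safe_resolve(base, "People", "avatar.svg").name}
        out["naive_escapes"] = (
            naive_resolve(base, "..", "secret_key") == root / "secret_key"
        )
        for folder, name in [("..", "secret_key"), ("People", "../../secret_key")]:
            try:
                safe_resolve(base, folder, name)
                out[(folder, name)] = "served"
            except UnsafePath:
                out[(folder, name)] = "rejected"
        return out


if __name__ == "__main__":
    print(demo())
```

The per-component check rejects separators and dot segments before any filesystem access; the `is_relative_to` check on the resolved path is the backstop for cases the string check cannot see, such as a symlink inside the served directory.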