Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SillyTavern: Path traversal allows file existence oracle
Vulnerability Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. by sending percent-encoded "../" sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existence of files. This issue has been patched in version 1.17.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SillyTavern 路径遍历漏洞
Vulnerability Description
SillyTavern是SillyTavern开源的一个大语言模型的前端界面。 SillyTavern 1.17.0之前版本存在路径遍历漏洞,该漏洞源于静态文件路由处理程序存在路径遍历,可能导致任何未经身份验证的用户探测服务器文件系统上任意文件是否存在。
CVSS Information
N/A
Vulnerability Type
N/A