Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenBMB XAgent workspace.py workspace path traversal
Vulnerability Description
A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the argument file_name causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
XAgent 路径遍历漏洞
Vulnerability Description
XAgent是OpenBMB开源的一个开源的实验性大型语言模型(LLM)驱动的自治代理。 XAgent 1.0.0版本存在路径遍历漏洞,该漏洞源于对文件XAgentServer/application/routers/workspace.py函数workspace参数file_name的错误操作,可能导致路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A