Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rembg has a Path Traversal via Custom Model Loading
Vulnerability Description
Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter, an attacker can force the server to attempt loading any file as an ONNX model, revealing file existence, permissions, and potentially file contents through error messages. This vulnerability is fixed in 2.0.75.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Rembg 安全漏洞
Vulnerability Description
Rembg是Daniel Gatis个人开发者的一个删除图像背景的工具。 Rembg 2.0.75之前版本存在安全漏洞,该漏洞源于HTTP服务器model_path参数验证不足,可能导致路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A