Vulnerability Information
Vulnerability Title
ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode
Vulnerability Description
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory creation and write files outside the intended custom-agent directory, potentially achieving arbitrary file write on the system subject to filesystem permissions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
DeerFlow Security Vulnerability
Vulnerability Description
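DeerFlow is an open-source agent orchestration framework from ByteDance, used to coordinate sub-agents and skill execution. DeerFlow contains a security vulnerability that stems from agent name validation being bypassed in bootstrap-mode custom-agent creation, which can lead to path traversal and arbitrary file write.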
CVSS Information
N/A
Vulnerability Type
N/A
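
Added example (not DeerFlow's code and not the upstream fix): the descriptions above say the agent name reaches directory creation without validation, so traversal-style values and absolute paths leave the custom-agent directory. The Python sketch below puts an unvalidated join beside a hardened one that applies an allow-list and then a containment check on the resolved path. The function names, the name pattern and the `config.yaml` file name are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical allow-list for agent names; not DeerFlow's actual rule.
AGENT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def naive_agent_dir(base: Path, name: str) -> Path:
    """Unvalidated join: '..' segments and absolute names escape base."""
    return base / name


def safe_agent_dir(base: Path, name: str) -> Path:
    """Return the directory for `name`, guaranteed to sit directly in base."""
    if not AGENT_NAME_RE.fullmatch(name):
        raise ValueError(f"invalid agent name: {name!r}")
    base = base.resolve()
    target = (base / name).resolve()
    # Defence in depth: also rejects a symlink planted under base.
    if target.parent != base:
        raise ValueError(f"agent path escapes base directory: {name!r}")
    return target


def create_agent(base: Path, name: str, config: str) -> Path:
    """Create the agent directory and write its config (assumed file name)."""
    agent_dir = safe_agent_dir(base, name)
    agent_dir.mkdir(exist_ok=False)
    path = agent_dir / "config.yaml"
    path.write_text(config, encoding="utf-8")
    return path


def demo() -> dict:
    """Run constructed sample names through create_agent in a temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "agents"
        base.mkdir()
        for name in ["researcher", "../../outside", "/tmp/abs", "a/b", "..", ""]:
            try:
                create_agent(base, name, "name: demo\n")
                results[name] = "created"
            except ValueError:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for sample, outcome in demo().items():
        print(f"{sample!r}: {outcome}")
```

The check has to run on every code path that creates an agent, bootstrap mode included, since the flaw described here is a validation step that one path skipped.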