漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Docling Core has insufficient validation of image reference URIs
Vulnerability Description
Docling Core defines core data types and transformations for the document processing application Docling. In versions 2.5.0 and above, prior to 2.74.1, docling-core could allow local file:// image references and accepted inline data: content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads. This issue has been fixed in version 2.74.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
docling-project docling-core 资源管理错误漏洞
Vulnerability Description
docling-project docling-core是docling-project组织的一款文档核心处理中间件。 docling-project docling-core 2.5.0版本至2.74.1之前版本存在安全漏洞,该漏洞源于文档处理应用允许本地file://图像引用和接受内联数据内容且未限制解码大小,可能导致访问本地文件或大量内联有效载荷导致过多内存使用。
CVSS Information
N/A
Vulnerability Type
N/A