Vulnerability Information
Vulnerability Title
letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
Vulnerability Description
A security vulnerability has been detected in letta-ai letta 0.16.4. It affects the function _convert_message_create_to_message in the file letta/helpers/message_helper.py of the File URL Handler component. Manipulating the ImageContent argument leads to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Letta-ai letta security vulnerability
Vulnerability Description
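Letta-ai letta is an open-source stateful agent framework from Letta-ai with memory, reasoning, and context management. Letta-ai letta version 0.16.4 contains a security vulnerability that stems from improper handling of the ImageContent parameter in the file letta/helpers/message_helper.py and may lead to server-side request forgery.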
CVSS Information
N/A
Vulnerability Type
N/A