Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vanna-ai vanna FastAPI/Flask Server cross-domain policy
Vulnerability Description
A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
Vanna 安全漏洞
Vulnerability Description
Vanna是Vanna公司的一个个性化 AI SQL 代理。 vanna 2.0.2及之前版本存在安全漏洞,该漏洞源于组件FastAPI/Flask Server存在过于宽松的跨域策略,可能导致远程攻击。
CVSS Information
N/A
Vulnerability Type
N/A