漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PraisonAI before 1.6.78 Tool Approval Cache Bypass
Vulnerability Description
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
MervinPraison PraisonAI 授权问题漏洞
Vulnerability Description
MervinPraison PraisonAI是MervinPraison个人开发者的 MervinPraison PraisonAI 1.6.78之前版本存在授权问题漏洞,该漏洞源于工具批准决策仅按工具名称缓存,导致攻击者可能会利用首次批准在会话中执行未经审查参数的恶意文件写入操作。
CVSS Information
N/A
Vulnerability Type
N/A