Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AstrBotDevs AstrBot install-upload Endpoint plugin.py install_plugin_upload sandbox
Vulnerability Description
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
权限/沙箱问题
Vulnerability Title
AstrBot 安全漏洞
Vulnerability Description
AstrBot是AstrBot开源的一个多平台 LLM 聊天机器人及开发框架。 AstrBot 4.22.1及之前版本存在安全漏洞,该漏洞源于install-upload Endpoint组件中文件astrbot/dashboard/routes/plugin.py的install_plugin_upload函数对参数File处理不当,可能导致沙箱问题。
CVSS Information
N/A
Vulnerability Type
N/A