# OpenAI-compatible HTTP model overrides could miss admin authorization ## 漏洞概述 OpenAI-compatible HTTP model overrides could miss admin authorization. In affected versions, a lower-trust caller or con…
### 漏洞概述 **漏洞名称**: Passphrase Brute-Force via Unthrottled POST /p/token/access Endpoint with No Per-Push Lockout **漏洞描述**: PasswordPusher的passphrase验证端点(POST /p/token/access)没有针对特定推送的速率限制、尝试计数器或推送级锁定。…