2 matches found
CVE-2025-66201
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
SUSE CVE-2019-1000009
Helm ChartMuseum version =0.1.0 and 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack...