2 matches found
CVE-2025-4515 Zylon PrivateGPT settings.yaml cross-domain policy
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument alloworigins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
PrivateGPT 安全漏洞
PrivateGPT is an AI project open-sourced by Zylon. A security vulnerability exists in PrivateGPT version 0.6.2 and earlier, which stems from improper cross-domain policy due to misuse of the parameter alloworigins in the file settings.yaml...