
6 matches found

Github Security Blog
added 2025/06/29 9:30 a.m. · 7 views

Langchain-Chatchat has a Path Traversal vulnerability

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...

CVSS 9.8 · AI score 7 · EPSS 0.00482
Exploits: 1 · References: 6 · Affected Software: 1
OSV
added 2025/06/29 9:30 a.m. · 3 views

GHSA-QMGV-J263-QR33 Langchain-Chatchat has a Path Traversal vulnerability

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...

CVSS 6.3 · AI score 7 · EPSS 0.00482
Exploits: 1 · References: 6
CNNVD
added 2025/06/29 12:0 a.m. · 4 views

LangChain-Chatchat Path Traversal Vulnerability

LangChain-Chatchat is a Chatchat-Space open source chatbot software developed based on the LangChain framework. A path traversal vulnerability exists in LangChain-Chatchat 0.3.1 and earlier versions, which stems from path traversal due to incorrect manipulation of the parameter flag in the file...

CVSS 9.8 · AI score 6.2 · EPSS 0.00482
Exploits: 1 · References: 5
Positive Technologies
added 2025/06/29 12:0 a.m. · 9 views

PT-2025-27354 · Unknown · Langchain-Chatchat

Name of the Vulnerable Software and Affected Versions: Langchain-Chatchat versions up to 0.3.1 Description: A critical vulnerability has been found in Langchain-Chatchat, affecting the upload temp docs function of the /knowledge base/upload temp docs file in the Backend component. The manipulatio...

CVSS 6.5 · AI score 7.1 · EPSS 0.00482
Exploits: 1 · References: 9
Positive Technologies
added 2024/12/12 12:0 a.m. · 3 views

PT-2024-18966 · Unknown · Comfyui-Impact-Pack

Name of the Vulnerable Software and Affected Versions: ComfyUI-Impact-Pack affected versions not specified Description: The issue stems from missing validation of the image.filename field in a POST request sent to the "/upload/temp" endpoint, resulting in writing arbitrary files to the file syste...

CVSS 9.2 · AI score 7.7 · EPSS 0.00973
Exploits: 0 · References: 6
CNNVD
added 2021/02/22 12:0 a.m. · 7 views

Keybase Desktop Client Security Vulnerability

Keybase is a social networking platform that supports end-to-end encryption based on PGP technology. A security vulnerability exists in the Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, which allows an attacker to obtain potentially sensitive media in the...

CVSS 5.5 · AI score 6.1 · EPSS 0.00296
Exploits: 1 · References: 4