7044 matches found
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
SummaryAn authenticated path traversal vulnerability exists in the /json/upload endpoint of the pyLoad By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible t...
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution
SummaryAn inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types.Note: This repor...
Starlette has possible denial-of-service vector when parsing large files in multipart forms
SummaryWhen parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. DetailsPlease see this discussion for details:...
Calibre Web and Autocaliweb have a ReDoS vulnerability
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Path-Traversal - Arbitrary File Write in Assemblyline Service ClientIMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice to using Assemblyline in a production environment. In practice, this code should always be executed within...
Aim vulnerable to Cross-site Scripting
Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
FastAPI Guard has a regex bypass
SummaryThe regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. DetailsIn version 3.0.1, you can find a commit like the one in the link below, which was made to prevent...
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...
Dagster Local File Inclusion vulnerability
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
SummaryThe Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. ImpactIf a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute...
Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time
SummaryAn inconsistency in MethodNode can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time.While this issue may seem similar to https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3, it is...
fastapi-guard is vulnerable to ReDoS through inefficient regex
Summaryfastapi-guard detects penetration attempts by using regex patterns to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and can cause polynomial complexity backtracks when handling specially crafted inputs.It is not as severe as...
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
A vulnerability in the DocugamiReader class of the run-llama/llamaindex repository, up to but excluding version 0.12.41, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting ...
py-libp2p is vulnerable to DoS attacks through use of large RSA keys
py-libp2p before 0.2.3 allows a peer to cause a denial of service resource consumption via a large RSA key...
LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing
The JSONReader in run-llama/llamaindex versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service DoS by submitting deeply nested JSON structures, leading to a RecursionError and crashing...
Indico vulnerability allows attackers to bulk dump user details
ImpactAn endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such as name, affiliation and email in bulk. !TIP If your instance allows everyone to create a user account, and you wish to truly restrict access to these user...
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages
SummaryAny unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. DetailsAny unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. This ...
Dagster vulnerable to Path Traversal attack through its /logs endpoint
Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.10 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...
Transformers is vulnerable to ReDoS attack through its DonutProcessor class
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...
Langchain-Chatchat vulnerable to path traversal
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function
The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...
LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions
A vulnerability in the ArxivReader class of the run-llama/llamaindex repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from...
Transformers vulnerable to ReDoS attack through its get_imports() function
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the getimports function within dynamicmoduleutils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...
Transformers vulnerable to ReDoS attack through its SETTING_RE variable
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser
An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llamaindex repository, specifically affecting the Papers Loaders package before version 0.3.2 in llama-index v0.10.0 and above through v0.12.29. This vulnerability allows ...
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llamaindex repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the getconfigurationfile function within the transformers.configurationutils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The...
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability 500 errors until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures.Thank yo...
LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component
Incomplete Documentation of Program Execution exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer...
Transformers's Improper Input Validation vulnerability can be exploited through username injection
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, before version 0.5.2 specifically in version 0.12.27 of llama-index, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as...
Langchain-Chatchat vulnerable to path traversal
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and...
ChangeDetection.io XSS in watch overview
ImpactXSS - Errors in filters from website page change detection watches were not being filtered. Patches0.50.4...
Langchain-Chatchat has a Path Traversal vulnerability
A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
urllib3 handles redirects and retries using the same mechanism, which is controlled by the Retry object. The most common way to disable redirects is at the request level, as follows:pythonresp = urllib3.request"GET", "https://httpbin.org/redirect/1", redirect=Falseprintresp.status 302However, it ...
LLaMA-Factory allows Code Injection through improper vhead_file safeguards
SummaryA critical remote code execution vulnerability was discovered during the Llama Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passin...
urllib3 does not control redirects in browsers and Node.js
urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means you can use Python libraries to make HTTP requests from your browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects.However, the retries a...
Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
Salt's worker process vulnerable to denial of service through file read operation
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/singlellmcall.py of the component Jinja2 Template Handler. The manipulation of the argument usermessage leads to imprope...
Weblate exposes personal IP address via e-mail
ImpactThe audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. PatchesThis issue has been addressed in Weblate 5.12 via https://github.com/WeblateOrg/weblate/pull/15102. ReferencesThanks to...
Weblate lacks rate limiting when verifying second factor
ImpactThe verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. PatchesThis issue has been addressed in Weblate 5.12 via...
Salt's file contents overwrite the VirtKey class
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...
protobuf-python has a potential Denial of Service issue
SummaryAny project that uses Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit.Reporter: Alexis Challande, Trail of Bits...
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.NOTE: The maintainers of BackendAI do not consider this report to fit with their threat model and advise users to follow security advice from...
Backend.AI Missing Authorization vulnerability
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.NOTE: The maintainers of BackendAI do not consider this report to fit...