漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
从非可信源包含Web功能例程
Vulnerability Title
Anki 安全漏洞
Vulnerability Description
Anki是Ankitects开源的一个Anki的共享后端和web组件,以及Qt前端。 Anki 25.02及之前版本存在安全漏洞,该漏洞源于特制共享牌组可能导致攻击者控制内部API访问。
CVSS Information
N/A
Vulnerability Type
N/A