Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control
Vulnerability Description
A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
deep-searcher 访问控制错误漏洞
Vulnerability Description
deep-searcher是Zilliz开源的一个基于大模型与向量数据库的私有数据搜索与智能问答工具。 deep-searcher 0.0.2及之前版本存在访问控制错误漏洞,该漏洞源于文件deepsearcher/agent/collection_router.py的函数CollectionRouter.invoke对参数kwargs的操作,可能导致访问控制不当。
CVSS Information
N/A
Vulnerability Type
N/A