漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
VoltAgent Memory REST API memory.handlers.ts handleGetMemoryConversation improper authorization
Vulnerability Description
A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
VoltAgent 权限许可和访问控制问题漏洞
Vulnerability Description
VoltAgent VoltAgent是VoltAgent组织的一个用于构建、编排与运行AI智能体工作流的开发框架。 VoltAgent 2.1.17及之前版本存在安全漏洞,该漏洞源于Memory REST API组件的handleGetMemoryConversation函数对conversationId参数操作可能导致授权不当,攻击者可能从远程利用此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A