Vulnerability Information
Vulnerability Title
Improper Search Cache Isolation for Scoped Search API Keys in Typesense
Vulnerability Description
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across requests with different Scoped Search API Key constraints. This could result in a request receiving search results that should have been restricted by its Scoped Search API Key. This issue only affects search requests that use both server-side search result caching and Scoped Search API Keys with embedded filters to restrict access to search results within a collection. This vulnerability may result in unintended disclosure of search results across scoped authorization contexts. This issue has been patched in versions 29.1 and 30.2.
CVSS Information
N/A
Vulnerability Type
Information Exposure Through Caching
Vulnerability Title
Typesense information disclosure vulnerability
Vulnerability Description
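Typesense is an in-memory search engine from the US-based Typesense organization. Typesense versions prior to 29.1 and prior to 30.2 contain an information disclosure vulnerability. It stems from a cache isolation issue: under specific request ordering, cached search results may be reused across different Scoped Search API Key constraints, unintentionally disclosing search results across authorization contexts.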
CVSS Information
N/A
Vulnerability Type
N/A
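The class of flaw in the vulnerability description above, shown as an added example that is not Typesense source code: a simplified model of a server-side search cache whose key either ignores or includes the filter embedded in a scoped key. All names (`SearchCache`, `filter_tenant`, `demo`) and the sample documents are hypothetical, and the model does not reproduce the specific request ordering the advisory refers to.

```python
# Simplified model (constructed for illustration; not Typesense code) of a
# result cache sitting in front of a collection queried with scoped keys.
import hashlib
import json

DOCS = [  # constructed sample collection
    {"id": "1", "tenant": "a", "title": "invoice alpha"},
    {"id": "2", "tenant": "b", "title": "invoice beta"},
]

def run_search(params):
    """Stand-in engine: substring match plus an optional tenant filter."""
    hits = [d for d in DOCS if params["q"] in d["title"]]
    tenant = params.get("filter_tenant")
    if tenant is not None:
        hits = [d for d in hits if d["tenant"] == tenant]
    return [d["id"] for d in hits]

def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class SearchCache:
    def __init__(self, isolate_scopes):
        self.isolate_scopes = isolate_scopes
        self.store = {}

    def search(self, request_params, embedded_params):
        # Parameters embedded in the scoped key override what the client sent.
        effective = {**request_params, **embedded_params}
        # Weak: key derived only from client-visible parameters.
        # Hardened: key derived from the effective (authorization-scoped) query.
        key_source = effective if self.isolate_scopes else request_params
        key = _digest(key_source)
        if key not in self.store:
            self.store[key] = run_search(effective)
        return self.store[key]

def demo(isolate_scopes):
    """Two clients send the same query under differently scoped keys."""
    cache = SearchCache(isolate_scopes)
    first = cache.search({"q": "invoice"}, {"filter_tenant": "a"})
    second = cache.search({"q": "invoice"}, {"filter_tenant": "b"})
    return first, second

if __name__ == "__main__":
    print("weak key:    ", demo(False))
    print("hardened key:", demo(True))
```
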