Yu_Bao

**Name of the Vulnerable Software and Affected Versions** ChatGPTNextWeb NextChat versions prior to 2.16.2 **Description** A flaw in the API Endpoint component within the Next.js file allows for a permissive cross-domain policy with untrusted domains. This issue enables a remote attacker to execute a manipulation that bypasses domain restrictions. **Recommendations** Update to version 2.16.2 or later.

**Name of the Vulnerable Software and Affected Versions** NousResearch hermes-agent version 0.8.0 **Description** A flaw in the ` check sensitive path()` function within the tools/file tools.py file allows for symlink following, which occurs when a program follows a symbolic link to access a file or directory it should not. This issue requires local access for exploitation. **Recommendations** Update to version 0.9.0.

**Name of the Vulnerable Software and Affected Versions** hermes-agent version 0.8.0 **Description** A path traversal issue exists in the WeChat Work Platform Adapter component, specifically within the `gateway/platforms/wecom.py` file. This flaw allows a remote attacker to manipulate file paths to access unauthorized directories or files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. Restrict access to the `gateway/platforms/wecom.py` file or the WeChat Work Platform Adapter component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MiroFish versions prior to 0.1.3 **Description** A flaw in the REST API Endpoint component allows remote attackers to bypass authentication. This issue occurs within the `create app()` function located in the `backend/app/ init .py` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the REST API Endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 666ghj MiroFish versions prior to 0.1.3 **Description** An issue exists in the Werkzeug Debugger PIN Handler component within the '/console' file. A remote attacker can cause information disclosure by manipulating the `SECRET` argument. This attack is characterized by high complexity and is difficult to execute. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AstrBotDevs AstrBot versions prior to 4.22.2 **Description** A flaw in the Dashboard API component allows remote attackers to exploit improper neutralization of special elements used in a template engine. This occurs within the `create template()` function located in the `astrbot/dashboard/routes/t2i.py` file. **Recommendations** As a temporary workaround, consider restricting access to the `create template()` function in the `astrbot/dashboard/routes/t2i.py` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** go-kratos kratos versions prior to 2.9.3 **Description** A security flaw in the http.DefaultServeMux Fallback Handler allows a remote attacker to cause an unintended intermediary. This issue occurs within the `NewServer()` function located in the transport/http/server.go file. **Recommendations** Apply patch 0284a5bcf92b5a7ee015300ce3051baf7ae4718d to resolve the issue. As a temporary workaround, restrict access to the `NewServer()` function in the transport/http/server.go file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ericc-ch copilot-api versions prior to 0.7.1 **Description** An issue exists in the Header Handler component within the '/token' file. A remote attacker can manipulate the `Host` argument, leading to a reliance on reverse DNS resolution, which is the process of querying the Domain Name System to obtain the domain name associated with a given IP address. **Recommendations** Update ericc-ch copilot-api to a version later than 0.7.0. As a temporary workaround, restrict access to the '/token' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ericc-ch copilot-api versions prior to 0.7.1 **Description** A flaw exists in the Token Endpoint component within the `cors()` function of the src/server.ts file. A manipulation of this function allows for a permissive cross-domain policy with untrusted domains, which can be triggered remotely. **Recommendations** Update ericc-ch copilot-api to a version later than 0.7.0. As a temporary workaround, restrict access to the `cors()` function in the src/server.ts file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions AstrBot versions up to 4.22.1 Description A command injection issue exists in AstrBotDevs AstrBot up to version 4.22.1. The `add mcp server` function within the `astrbot/dashboard/routes/tools.py` file, part of the MCP Endpoint component, is affected. Manipulation of the `command` argument can lead to remote command injection. The exploit has been publicly disclosed. Recommendations Versions prior to 4.22.1 are recommended.

Name of the Vulnerable Software and Affected Versions chatboxai chatbox versions up to 1.20.0 Description A flaw exists in the StdioClientTransport function within the src/main/mcp/ipc-stdio-transport.ts file of the Model Context Protocol Server Management System component. Manipulation of the `args/env` argument can lead to os command injection. The attack can be launched remotely. The exploit has been published. Recommendations Update to a version beyond 1.20.0.

Name of the Vulnerable Software and Affected Versions zahayujie chatgpt-on-wechat CowAgent version 2.0.4 Description A weakness exists in the Administrative HTTP Endpoint component of zhayujie chatgpt-on-wechat CowAgent version 2.0.4 due to missing authentication in an unknown function. This allows for remote attacks. The exploit is publicly available. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions AstrBot versions up to 4.22.1 Description A server-side request forgery exists in the `post data.get` function of the API Endpoint component in AstrBot. This manipulation can be performed remotely. The exploit is publicly available. Recommendations Update AstrBot to a version newer than 4.22.1.

Name of the Vulnerable Software and Affected Versions AstrBot versions up to 4.22.1 Description A security issue exists in AstrBotDevs AstrBot up to version 4.22.1. The `install plugin upload` function within the `astrbot/dashboard/routes/plugin.py` file is susceptible to a sandbox issue due to manipulation of the `File` argument. This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations Versions prior to 4.22.1 should be used.

Name of the Vulnerable Software and Affected Versions zahayujie chatgpt-on-wechat CowAgent versions up to 2.0.4 Description A flaw exists in the function dispatch of the file agent/memory/service.py within the API Memory Content Endpoint component. Manipulation of the `filename` argument can lead to path traversal, allowing for remote exploitation. The exploit has been published. Recommendations Upgrade to version 2.0.5 to resolve the issue.

Name of the Vulnerable Software and Affected Versions assafelovic gpt-researcher versions up to 3.4.3 Description A weakness exists in assafelovic gpt-researcher up to version 3.4.3, specifically in the processing of the `gpt researcher/skills/researcher.py` file within the WebSocket Interface component. Manipulation of the `task` argument can lead to cross-site scripting (XSS). The attack can be launched remotely, and an exploit has been publicly released. Recommendations Update to a version beyond 3.4.3.

Name of the Vulnerable Software and Affected Versions vanna-ai vanna versions up to 2.0.2 Description A flaw exists in the FastAPI/Flask Server component of vanna-ai vanna. A manipulation can lead to a permissive cross-domain policy with untrusted domains, allowing for remote attacks. The exploit has been published. Recommendations Update vanna-ai vanna to a version later than 2.0.2.

Name of the Vulnerable Software and Affected Versions vanna-ai vanna versions up to 2.0.2 Description A security issue exists in vanna-ai vanna, specifically within the Chat API Endpoint component. A manipulation of the `/api/vanna/v2/` file results in missing authentication. This can be exploited remotely. The exploit is publicly available. Recommendations Update to a version beyond 2.0.2.

Name of the Vulnerable Software and Affected Versions Sanster IOPaint version 1.5.3 Description A path traversal issue exists in the File Manager component of Sanster IOPaint version 1.5.3, specifically within the ` get file` function of the `iopaint/file manager/file manager.py` file. Manipulation of the `filename` argument can lead to path traversal. The exploit has been made public and is possible to be carried out remotely. The vendor was contacted but did not respond. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `iopaint/file manager/file manager.py` file.

**Name of the Vulnerable Software and Affected Versions** PromtEngineer localGPT versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 **Description** A flaw exists in PromtEngineer localGPT that allows for unrestricted file upload. The issue is located in the `do POST` function within the `backend/server.py` file. This manipulation can be carried out remotely. The exploit has been published. The product uses a rolling release strategy, making specific version details for fixes unavailable. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 should be updated. As a temporary workaround, consider restricting access to the `backend/server.py` file or disabling the `do POST` function until a patch is available.