PT-2024-41083 · Qanything · Qanything

Published 2024-10-16 · Updated 2025-08-01 · CVE-2024-12866

CVSS v2.0: 7.8
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

netease-youdao/qanything version v2.0.0

Description:

A local file inclusion vulnerability exists that allows an attacker to read arbitrary files on the file system. This can lead to remote code execution through retrieval of private SSH keys, and it exposes private files, source code, and configuration files. The underlying weakness is improper limitation of a pathname to a restricted directory (path traversal).

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-02215
CVE-2024-12866

Affected Products

Qanything