CNNVD-202506-1949 Information
CNNVD ID
CNNVD-202506-1949
Related CVE
- CNNVD Published: 2025-06-17
Description (Chinese)
Steel Browser是Steel开源的一个人工智能代理的开源浏览器API。 Steel Browser 0.1.3及之前版本存在安全漏洞,该漏洞源于api/src/modules/files/files.routes.ts文件中filename参数操作导致路径遍历。
Description (English)
Steel Browner is an API viewer for an artificial smart agent at Steel Open Source. Steel Browner 0.1.3 and previous versions contain a security loophole that originates from the operation of the fiilename parameter in api/src/modules/files/files.routes.ts files that lead to a path pass.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Steel
Published
2025-06-17
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.312627 https://github.com/steel-dev/steel-browser/issues/129 https://github.com/steel-dev/steel-browser/commit/7ba93a10000fb77ee01731478ef40551a27bd5b9 https://vuldb.com/?submit.593060 https://vuldb.com/?id.312627 https://github.com/steel-dev/steel-browser/issues/129#issuecomment-2936052240 https://access.redhat.com/security/cve/cve-2025-6152
Patch
https://github.com/steel-dev/steel-browser/releases
Share on: