CNNVD-202506-2601 Information

CNNVD ID

CNNVD-202506-2601

Related CVE

CVE-2025-6278

• CNNVD Published: 2025-06-19

Description (Chinese)

Upsonic是Upsonic开源的一个AI代理框架。 Upsonic 0.55.6及之前版本存在路径遍历漏洞，该漏洞源于文件markdown/server.py中函数os.path.join存在路径遍历。

Description (English)

Upsonic is an AI proxy framework for UPsonic open source. Upsonic 0.55.6 and previous versions have path-to-path loopholes, which stem from the function of os.path.join in file markdown/server.py.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Upsonic

Published

2025-06-19

Last Modified

2026-02-24

References

https://github.com/Upsonic/Upsonic/issues/356 https://vuldb.com/?ctiid.313282 https://vuldb.com/?id.313282 https://vuldb.com/?submit.593096

Patch

https://github.com/Upsonic/Upsonic/releases