CNNVD-202507-161 Information

CNNVD ID

CNNVD-202507-161

CVE-2025-53358

  • CNNVD Published: 2025-07-02

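Description (translated from Chinese)

Cinnamon kotaemon is an open-source RAG-based tool from Cinnamon. Cinnamon kotaemon 0.10.6 and earlier versions contain a path traversal vulnerability, which stems from unvalidated URLs and local file paths and may lead to directory traversal and data leakage.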

Description (English)

Cinnamon Kotaemon is an open-source RAG-based tool from Cinnamon. Cinnamon Kotaemon 0.10.6 and earlier versions have a path traversal vulnerability, which originates from unvalidated URLs and local file paths and may lead to directory traversal and data leaks.

Hazard Level

High

Vulnerability Type

Path Traversal

Affected Vendor

Cinnamon

Published

2025-07-02

Last Modified

2026-02-24

References

  • https://github.com/Cinnamon/kotaemon/commit/37cdc28ceb46e505d25221584daf1fe61e26b2cc
  • https://github.com/Cinnamon/kotaemon/pull/755
  • https://github.com/Cinnamon/kotaemon/security/advisories/GHSA-jw4w-xcvf-jq5x
