CNNVD-202509-1146 Information

CNNVD ID

CNNVD-202509-1146

Related CVE

CVE-2025-58768

• CNNVD Published: 2025-09-09

Description (Chinese)

DeepChat是ThinkInAIXYZ开源的一款智能助手。 DeepChat 0.3.5之前版本存在代码注入漏洞，该漏洞源于innerHTML直接使用用户内容，可能导致命令执行。

Description (English)

DeepChat is a smart-ass assistant to ThinkInAIXYZ’s open source. The pre-DeepChat 0.3.5 version had a code-infusion loophole, which originated from the direct use of user content ininnerHTML and could lead to the execution of the command.

Hazard Level

Low

Vulnerability Type

代码注入

Affected Vendor

ThinkInAIXYZ

Published

2025-09-09

Last Modified

2026-02-24

References

https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-f7q5-vc93-wp6j https://access.redhat.com/security/cve/cve-2025-58768

Patch

https://github.com/ThinkInAIXYZ/deepchat/releases