CNNVD-202509-4386 Information

CNNVD ID

CNNVD-202509-4386

CVE-2025-7104

  • CNNVD Published: 2025-09-29

Description (Chinese)

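LibreChat is an enhanced ChatGPT clone by individual developer Danny Avila. LibreChat has a security vulnerability that stems from automatically binding user-supplied data to internal object properties or database fields without proper filtering, which may lead to manipulation of sensitive fields and prototype pollution.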

Description (English)

LibreChat is an enhanced ChatGPT clone developed by individual developer Danny Avila. LibreChat contains a security vulnerability that results from automatically binding user-supplied data to internal object properties or database fields without proper filtering, which may allow sensitive fields to be manipulated and may lead to prototype pollution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-09-29

Last Modified

2026-02-24

References

https://github.com/danny-avila/librechat/commit/a37bf6719cfbc2de270f7d87b6b85d87cc1768db

https://huntr.com/bounties/32a175c4-7543-4503-a3d0-7880abd1826b

Patch

https://github.com/danny-avila/LibreChat/releases
