CNNVD-202510-1647 Information
CNNVD ID
CNNVD-202510-1647
Related CVE
- CNNVD Published: 2025-10-13
Description (Chinese)
Text Generation Web UI是oobabooga个人开发者的一个本地AI的UI界面。 Text Generation Web UI 3.13及之前版本存在后置链接漏洞,该漏洞源于字符图片上传功能存在本地文件包含漏洞,可能导致读取服务器敏感文件。
Description (English)
Text General Web UI is a local UI interface for obabooga personal developers. Text General Web UI 3.13 and previous versions have a backlink loophole, which stems from the fact that the character image upload feature contains a local file that contains a bug that may lead to the access to server sensitive files.
Hazard Level
High
Vulnerability Type
后置链接
Affected Vendor
个人开发者
Published
2025-10-13
Last Modified
2026-02-24
References
https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-66rw-q8w5-c2hg https://github.com/oobabooga/text-generation-webui/commit/282aa1918907fceec7f903d3dc2bc8492ce8e885 https://access.redhat.com/security/cve/cve-2025-62364
Patch
https://github.com/oobabooga/text-generation-webui/releases
Share on: