CNNVD-202510-275 Information
CNNVD ID
CNNVD-202510-275
Related CVE
- CNNVD Published: 2025-10-02
Description (Chinese)
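LangBot is an open-source development platform from LangBot for large-model instant-messaging bots. LangBot versions from 4.1.0 up to, but not including, 4.3.5 contain a code issue vulnerability. It stems from the /api/v1/files/documents endpoint not strictly restricting the server's file storage directory, which may lead to arbitrary file upload.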
Description (English)
LangBot is an open-source platform from LangBot for developing large-model instant-messaging bots. LangBot versions from 4.1.0 up to, but not including, 4.3.5 contain a code issue vulnerability: the /api/v1/files/documents endpoint does not strictly restrict the server's file storage directory, which may lead to arbitrary file upload.
Hazard Level
Medium
Vulnerability Type
Code Issue
Affected Vendor
LangBot
Published
2025-10-02
Last Modified
2026-02-24
References
https://github.com/langbot-app/LangBot/pull/1691
https://github.com/langbot-app/LangBot/releases/tag/v4.3.5
https://github.com/langbot-app/LangBot/security/advisories/GHSA-7j3j-qj83-9qv4
Patch
https://github.com/langbot-app/LangBot/releases