CNNVD-202510-802 Information
CNNVD ID
CNNVD-202510-802
Related CVE
- CNNVD Published: 2025-10-06
Description (Chinese)
SillyTavern是SillyTavern开源的一个大语言模型的前端界面。 SillyTavern 1.13.4之前版本存在安全漏洞,该漏洞源于容易受到DNS重绑定攻击,可能导致安装恶意扩展、读取聊天记录和注入任意HTML进行钓鱼攻击。
Description (English)
SillyTavern is a front-end interface for a large-language model of SillyTavern’s open source. There was a security loophole in the previous version of Silly Tavern 1.13.4, which stemmed from the vulnerability of the DNS to rebound attacks, which could lead to the installation of malicious expansions, reading chat records and injections of random HTML fishing attacks.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
SillyTavern
Published
2025-10-06
Last Modified
2026-02-24
References
https://docs.sillytavern.app/administration/#security-checklist https://docs.sillytavern.app/administration/config-yaml/#host-whitelisting https://github.com/SillyTavern/SillyTavern/commit/d134abd50e4a416e3b81233242583b0a23f38320 https://github.com/SillyTavern/SillyTavern/releases/tag/1.13.4 https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-7cxj-w27x-x78q
Patch
https://github.com/SillyTavern/SillyTavern/releases
Share on: