CNNVD-202512-3125 Information

CNNVD ID

CNNVD-202512-3125

CVE-2025-67744

  • CNNVD Published: 2025-12-16

Description (Chinese)

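DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. DeepChat versions before 0.5.3 contain a code injection vulnerability, which stems from a cross-site scripting issue in the Mermaid diagram rendering component and may lead to remote code execution.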

Description (English)

DeepChat is an open-source intelligent assistant from ThinkInAIXYZ. Versions of DeepChat prior to 0.5.3 have a code injection vulnerability caused by a cross-site scripting flaw in the Mermaid diagram rendering component, which could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Code injection

Affected Vendor

ThinkInAIXYZ

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/ThinkInAIXYZ/deepchat/commit/b179d97921af04a0ae1ae68757338dd8b8cbefe7

https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-w8w8-82pv-5rg9

https://access.redhat.com/security/cve/cve-2025-67744

Patch

https://github.com/OvidijusParsiunas/deep-chat/releases
