CNNVD-202512-346 Information

CNNVD ID

CNNVD-202512-346

CVE-2025-66222

  • CNNVD Published: 2025-12-03

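Description (translated from Chinese)

DeepChat is an open-source smart assistant from ThinkInAIXYZ. DeepChat 0.5.0 and earlier versions contain a code injection vulnerability. The vulnerability stems from a stored cross-site scripting flaw in the Mermaid diagram renderer and may lead to remote code execution.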

Description (English)

DeepChat is an open-source smart assistant from ThinkInAIXYZ. DeepChat 0.5.0 and earlier versions have a code injection vulnerability, which stems from stored cross-site scripting in the Mermaid diagram renderer and could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Code Injection

Affected Vendor

ThinkInAIXYZ

Published

2025-12-03

Last Modified

2026-02-24

References

  • https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-v8v5-c872-mf8r
  • https://github.com/ThinkInAIXYZ/deepchat/commit/371ca7b42e3685aee6e3f0c61e85277ed1ff4db7
  • https://access.redhat.com/security/cve/cve-2025-66222

Patch

https://deepchat.thinkinai.xyz/#/download
