CNNVD-202512-628 Information
CNNVD ID
CNNVD-202512-628
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Yuxi-Know是Wenjie Zhang个人开发者的一个知识图谱智能体平台。 Yuxi-Know 0.4.0及之前版本存在代码问题漏洞,该漏洞源于对文件/src/models/embed.py中参数health_url的错误操作,可能导致服务端请求伪造。
Description (English)
Yuxi-Know is a knowledge mapping smart body platform for Wenjie Zhang personal developers. Yuxi-Know 0.4.0 and previous versions had a code problem loophole, which stemmed from a mishandling of the parameter health url in the file/src/models/embed.py, which could lead to the forgery of the service request.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
个人开发者
Published
2025-12-05
Last Modified
2026-02-24
References
https://vuldb.com/?submit.697380 https://vuldb.com/?id.334492 https://www.notion.so/SSRF-vulnerablity-in-Yuxi-Know-2afea92a3c4180bea524f1a253f8d9a0?source=copy_link https://vuldb.com/?ctiid.334492 https://github.com/xerrors/Yuxi-Know/commit/0ff771dc1933d5a6b78f804115e78a7d8625c3f3 https://access.redhat.com/security/cve/cve-2025-14116
Patch
https://github.com/xerrors/Yuxi-Know/commit/0ff771dc1933d5a6b78f804115e78a7d8625c3f3
Share on: