Whoogle Search is a self-hosted metasearch engine. There are no known workarounds for this vulnerability. This issue has been addressed in commit `08d33cfd8`. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. The “data-export” endpoint is used to export files using the filename parameter as user input. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |