Vulnerability	Vulnerable Version
C Improper Verification of Source of a Communication Channel sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via improper validation of the `Host` header in inbound HTTP requests. An attacker can gain unauthorized access to sensitive data, execute arbitrary code, and perform actions such as installing malicious extensions or injecting arbitrary HTML by leveraging DNS rebinding techniques. Note: The vulnerability has been patched by introducing a server configuration setting that enables a validation of host names in inbound HTTP requests; However, the setting is disabled by default to maintain backwards compatibility. Users are recommended to review their server configurations and apply necessary changes to their setup. How to fix Improper Verification of Source of a Communication Channel? Upgrade `sillytavern` to version 1.13.4 or higher.	<1.13.4

Improper Verification of Source of a Communication Channel

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via improper validation of the Host header in inbound HTTP requests. An attacker can gain unauthorized access to sensitive data, execute arbitrary code, and perform actions such as installing malicious extensions or injecting arbitrary HTML by leveraging DNS rebinding techniques.

Note: The vulnerability has been patched by introducing a server configuration setting that enables a validation of host names in inbound HTTP requests; However, the setting is disabled by default to maintain backwards compatibility. Users are recommended to review their server configurations and apply necessary changes to their setup.

How to fix Improper Verification of Source of a Communication Channel?

Upgrade sillytavern to version 1.13.4 or higher.

<1.13.4

Go back to all versions of this package