4.26.3
1 years ago
2 days ago
Known vulnerabilities in the astrbot package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the How to fix Authorization Bypass Through User-Controlled Key? There is no fixed version for | [0,) |
AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? There is no fixed version for | [0,) |
AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Incorrect Authorization via the How to fix Incorrect Authorization? There is no fixed version for | [0,) |
AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? There is no fixed version for | [0,) |
AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Arbitrary Code Injection via the How to fix Arbitrary Code Injection? There is no fixed version for | [0,) |
AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the How to fix Server-side Request Forgery (SSRF)? There is no fixed version for | [0,) |
AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Arbitrary Code Injection via the How to fix Arbitrary Code Injection? There is no fixed version for | [0,) |