إرسال #795331: vanna-ai vanna 2.0.2 Unauthorized access to all API endpointsالمعلومات

عنوان	vanna-ai vanna 2.0.2 Unauthorized access to all API endpoints
الوصف	The Vanna legacy Flask API (VannaFlaskApp) NoAuth() as its authentication backend, which accepts all requests without requiring any credentials. This exposes 20+ API endpoints — including SQL execution (/api/v0/run_sql), SQL injection (/api/v0/update_sql), training data management (/api/v0/train, /api/v0/remove_training_data), and function management (/api/v0/create_function, /api/v0/delete_function) — to unauthenticated remote access.
المصدر	⚠️ https://github.com/yidaozhongqing/York/issues/2
المستخدم	York Shen (UID 97025)
ارسال	02/04/2026 09:37 AM (25 أيام منذ)
الاعتدال	24/04/2026 08:50 PM (22 days later)
الحالة	تمت الموافقة
إدخال VulDB	359520 [vanna-ai vanna حتى 2.0.2 Legacy Flask API تجاوز الصلاحيات]
النقاط	20

Do you need the next level of professionalism?

Upgrade your account now!