| शीर्षक | PrivateGPT 0.6.2 CWE-942: Permissive Cross-domain Policy with Untrusted Domains |
|---|
| विवरण | Private GPT's CORS settings are misconfigured, allowing any origin to interact with the application without restriction. This flaw exposes sensitive user data to attackers who can deploy malicious JavaScript on their websites and trick users into executing it. By exploiting this vulnerability, attackers can bypass the intended isolation of Private GPT, even in environments deployed on internal networks, and extract sensitive information such as credentials or private documents. |
|---|
| स्रोत | ⚠️ https://gist.github.com/superboy-zjc/2a727cb0c1d468f21a91e0416d006ffe |
|---|
| उपयोगकर्ता | Gavin Zhong (UID 84092) |
|---|
| सबमिशन | 23/04/2025 07:51 PM (1 वर्ष पहले) |
|---|
| संयम | 09/05/2025 04:54 PM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 308235 [Zylon PrivateGPT तक 0.6.2 settings.yaml allow_origins अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|