| शीर्षक | vanna-ai vanna 2.0.2 Unauthorized access to all API endpoints |
|---|
| विवरण | The Vanna legacy Flask API (VannaFlaskApp) NoAuth() as its authentication backend, which accepts all requests without requiring any credentials. This exposes 20+ API endpoints — including SQL execution (/api/v0/run_sql), SQL injection (/api/v0/update_sql), training data management (/api/v0/train, /api/v0/remove_training_data), and function management (/api/v0/create_function, /api/v0/delete_function) — to unauthenticated remote access. |
|---|
| स्रोत | ⚠️ https://github.com/yidaozhongqing/York/issues/2 |
|---|
| उपयोगकर्ता | York Shen (UID 97025) |
|---|
| सबमिशन | 02/04/2026 09:37 AM (26 दिन पहले) |
|---|
| संयम | 24/04/2026 08:50 PM (22 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359520 [vanna-ai vanna तक 2.0.2 Legacy Flask API अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|