제출 #795331: vanna-ai vanna 2.0.2 Unauthorized access to all API endpoints정보

제목	vanna-ai vanna 2.0.2 Unauthorized access to all API endpoints
설명	The Vanna legacy Flask API (VannaFlaskApp) NoAuth() as its authentication backend, which accepts all requests without requiring any credentials. This exposes 20+ API endpoints — including SQL execution (/api/v0/run_sql), SQL injection (/api/v0/update_sql), training data management (/api/v0/train, /api/v0/remove_training_data), and function management (/api/v0/create_function, /api/v0/delete_function) — to unauthenticated remote access.
원천	⚠️ https://github.com/yidaozhongqing/York/issues/2
사용자	York Shen (UID 97025)
제출	2026. 04. 02. AM 09:37 (2 개월 ago)
모더레이션	2026. 04. 24. PM 08:50 (22 days later)
상태	수락
VulDB 항목	359520 [vanna-ai vanna 까지 2.0.2 Legacy Flask API 권한 상승]
포인트들	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!