Submeter #795331: vanna-ai vanna 2.0.2 Unauthorized access to all API endpointsinformação

Títulovanna-ai vanna 2.0.2 Unauthorized access to all API endpoints
DescriçãoThe Vanna legacy Flask API (VannaFlaskApp) NoAuth() as its authentication backend, which accepts all requests without requiring any credentials. This exposes 20+ API endpoints — including SQL execution (/api/v0/run_sql), SQL injection (/api/v0/update_sql), training data management (/api/v0/train, /api/v0/remove_training_data), and function management (/api/v0/create_function, /api/v0/delete_function) — to unauthenticated remote access.
Fonte⚠️ https://github.com/yidaozhongqing/York/issues/2
Utilizador
 York Shen (UID 97025)
Submissão02/04/2026 09h37 (há 26 dias)
Moderação24/04/2026 20h50 (22 days later)
EstadoAceite
Entrada VulDB359520 [vanna-ai vanna até 2.0.2 Legacy Flask API Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!