Submit #795331: vanna-ai vanna 2.0.2 Unauthorized access to all API endpoints

Title: vanna-ai vanna 2.0.2 Unauthorized access to all API endpoints
Description: The Vanna legacy Flask API (VannaFlaskApp) uses NoAuth() as its authentication backend, which accepts all requests without requiring any credentials. This exposes 20+ API endpoints — including SQL execution (/api/v0/run_sql), SQL injection (/api/v0/update_sql), training data management (/api/v0/train, /api/v0/remove_training_data), and function management (/api/v0/create_function, /api/v0/delete_function) — to unauthenticated remote access.
Source: ⚠️ https://github.com/yidaozhongqing/York/issues/2
User: York Shen (UID 97025)
Submission: 02/04/2026 09:37 (25 days ago)
Moderation: 24/04/2026 20:50 (22 days later)
Status: Accepted
VulDB entry: 359520 [vanna-ai vanna up to 2.0.2 Legacy Flask API privilege escalation]
Points: 20
