Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-57697: AstrBot Project v3.5.22 has an arbitrary file read vulnerability in the function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage. | CVSS3: 6.5 | 0% (Low) | 3 months ago |
| GHSA-vm2f-46xc-5jc3: AstrBot has an arbitrary file read vulnerability in the function _encode_image_bs64 | | 0% (Low) | 3 months ago |