repository icon
netease-youdao / qanything Project repository

Question and Answer based on Anything.

Submit a report

FIRST INTERACTION

WITHIN33 DAYS

REVIEW

WITHIN33 DAYS

FIX

WITHIN90 DAYS

Cross-Site Scriptting in bot chat
aboutbo
duplicate
Medium
Server-side request forgery
aboutbo
not applicable
Arbitrary file upload vulnerability lead to remote command execute in netease-yo...
passer6y
duplicate
Critical
Local File Inclusion in netease-youdao/qanything
eggdkk
High
CVE-2024-12866
Unauthenticated DoS by Sending Large Filename at File Upload Endpoint
mnqazi
High
$450CVE-2024-12864
SQL Injection
tuna18dv
duplicate
Critical
HTTP Request Smuggling
srivallikusumba
High
$450CVE-2024-10264
Stored XSS while using the malicious document as reference to chat
mnqazi
duplicate
Critical
CSRF allows to Delete everything, including the conversation, Knowledge Base, up...
mnqazi
duplicate
High
SQL injection in delete_files in both master and qanything-python branch
0gur1
duplicate
High
XSS stored in conversation
7resp4ss
Medium
$75CVE-2024-8027
SQL Injection in /api/local_doc_qa/delete_files
7resp4ss
duplicate
High
SQL Injection
mvlttt
Critical
$1440CVE-2024-7099
CSRF lead to create/rename/delete knowledge_base and upload/delete docs/weblink
fewword
duplicate
High
CSRF lead to create/update/delete bots
fewword
duplicate
Critical
Data Handling in stream_requests
syed-ghufran-hassan
informative
Medium
store xss from CVE-2024-4367 in pdf.js
tianstcht
not applicable
CORS misconfiguration
mvlttt
High
$450CVE-2024-8024
CSRF due to overly permissive CORS headers for backend API
patrik-ha
High
$450CVE-2024-8026