netease-youdao/QAnything

netease-youdao/QAnything

Releases9

Frequency4 weeks 2 hours

Last Release almost 2 years ago

Stars14K

Question and Answer based on Anything.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-7099 ↗	Oct 13, 2024Sunday, 13 October 2024, 21:15	—	—
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2.
CVE-2024-25722 ↗	Feb 11, 2024Sunday, 11 February 2024, 05:15	9.8 CRITICAL	—
qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.