BACMiao

Results 10 issues of BACMiao

Hello, we are using your project as a test sample for our static code analysis tool. We found that in the **mall-common module**, the logging statement `LOGGER.info(Markers.appendEntries(logMap), JSONUtil.parse(webLog).toString());` on the third-to-last line (line 89 in the source) of the `com.macro.mall.common.log.WebLogAspect.doAround(ProceedingJoinPoint joinPoint)` method may cause sensitive information leakage. ``` @Around("webLog()") public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable { long startTime = System.currentTimeMillis(); //Get the current request object ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes(); HttpServletRequest request =...

### System Info OS version: macOS 14.3.1 Python version: Python 3.12.4 The current version of pandasai being used: v2.2.14 ### 🐛 Describe the bug Hi, Team While using the `SemanticAgent`,...

bug

### Checked other resources - [X] I added a very descriptive title to this issue. - [X] I searched the LangChain documentation with the integrated search. - [X] I used...

🤖:bug

**Bug description** In the process of using MetaGPT's QaEngine, users can easily make the `RunCode._install_requirements` method download any dependency package through conversation. This could potentially allow malicious users to have...

inactive

### System Info OS version: MacOS 14.3.1 Python version: 3.12 The current version of pandasai being used: 2.4.0 ### 🐛 Describe the bug We found that when using **SmartDataframe** for...

enhancement

### Summary While using the latest version (

### System Info BambooAI: 0.3.52 os: macOS 14.3.1 python: 3.12 ### Summary During the use of the BambooAI framework, we discovered a potential security bypass in the `BambooAI.execute_code` method located...

# PoC-Vanna-RCE ### Summary During the use of Vanna **(with git commit 0: for _, training_data in existing_training_data.iterrows(): vn_chroma.remove_training_data(training_data['id']) df_ddl = vn_chroma.run_sql("SELECT type, sql FROM sqlite_master WHERE sql is not...

bug

# PoC-MiniAGI-RCE ## 1. Commands ### Summary When using a security analysis tool to analyze MiniAGI (the latest commit branch on GitHub is d2add8f), we discovered a security risk in...

# PoC-Adala-RCE ### Summary During the use of Adala **(with git commit