
{
"id": "CVE-2024-56516",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-30T17:15:09.687",
"lastModified": "2024-12-30T17:15:09.687",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository."
},
{
"lang": "es",
"value": "free-one-api permite a los usuarios acceder a grandes librer\u00edas de ingenier\u00eda inversa de modelos de lenguaje a trav\u00e9s del formato est\u00e1ndar de API de OpenAI. En versiones hasta la 1.0.1 incluida, se utiliza MD5 para codificar las contrase\u00f1as antes de enviarlas al backend. MD5 es un algoritmo de codificaci\u00f3n criptogr\u00e1ficamente defectuoso y ya no se considera seguro para el almacenamiento o la transmisi\u00f3n de contrase\u00f1as. Es vulnerable a ataques de colisi\u00f3n y se puede descifrar f\u00e1cilmente con hardware moderno, lo que expone las credenciales de los usuarios a un posible riesgo. Al momento de la publicaci\u00f3n, no se ha enviado un reemplazo para MD5 al repositorio de GitHub de free-one-api."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-328"
}
]
}
],
"references": [
{
"url": "https://github.com/RockChinQ/free-one-api/blob/4d6ee42ffbb224b95be32c26cabc28d54d01bf78/web/src/main.js#L15",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RockChinQ/free-one-api/security/advisories/GHSA-36cc-58vm-wm4h",
"source": "security-advisories@github.com"
}
]
}