
Arbitrary code execution vulnerability

Open c111mb3r opened this issue 4 months ago • 1 comments

The code at src/backend/bisheng/workflow/nodes/code/code_parse.py does not strictly restrict user input; a user can enter arbitrary Python code and have it executed.


c111mb3r • Aug 13 '25 12:08

Received; a fix has been scheduled.

sara2398 • Aug 20 '25 03:08