Commit Graph

2 Commits

Author SHA1 Message Date
9fcf9a10c6 Update SECURITY.md (#1248)
### What problem does this PR solve?

### Type of change

- [x] Documentation Update
2024-06-24 16:30:17 +08:00
d185a2e7f2 Create SECURITY.md (#1241)
### What problem does this PR solve?

The restricted_loads function at
[api/utils/init.py#L215](https://github.com/infiniflow/ragflow/blob/main/api/utils/__init__.py#L215)
is still vulnerable, leading to code execution. The main reason is that
the numpy module has a numpy.f2py.diagnose.run_command function that directly
executes commands, but the restricted_loads function allows users to import
functions from the numpy module.

### Additional Details

[https://github.com/infiniflow/ragflow/issues/1240](https://github.com/infiniflow/ragflow/issues/1240)

### Type of change

- [ ] Bug Fix (non-breaking change which fixes an issue)
- [ ] New Feature (non-breaking change which adds functionality)
- [ ] Documentation Update
- [ ] Refactoring
- [ ] Performance Improvement
- [ ] Other (please describe):
2024-06-24 10:14:57 +08:00
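The second commit message describes a restricted unpickler that gates on the module name rather than on the exact object being imported, so any callable reachable under that module becomes a valid pickle global. The example below, added here and not taken from the ragflow code base, contrasts the two patterns: `module_prefix_loads` mirrors the weak module-level allow-list, and `RestrictedUnpickler` accepts only explicit `(module, name)` pairs. The `SAFE_GLOBALS` set, the helper names and the sample pickles are constructed for the illustration; the weak loader uses `json` as a stand-in for a permitted module, since numpy is not needed to show the difference.

```python
import io
import json
import pickle
from collections import OrderedDict

# Constructed allow-list for the example: name the exact classes the pickles
# are expected to contain, not the modules they live in.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve pickle globals only from an explicit (module, name) allow-list."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        # Anything not listed is refused, including other names in an
        # otherwise "trusted" module.
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Hardened loader: allow-list keyed on the exact (module, name) pair."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def module_prefix_loads(data: bytes, allowed_modules=("collections", "json")):
    """Weak loader (the pattern the commit message describes): any name is
    accepted as long as its top-level module is on the list."""

    class PrefixUnpickler(pickle.Unpickler):
        def find_class(self, module, name):
            if module.split(".")[0] in allowed_modules:
                return super().find_class(module, name)
            raise pickle.UnpicklingError(f"module {module} is forbidden")

    return PrefixUnpickler(io.BytesIO(data)).load()


def try_load(loader, data: bytes):
    """Run a loader and report ("ok", obj) or ("rejected", reason)."""
    try:
        return ("ok", loader(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


# Constructed sample inputs.
SAMPLE_SAFE = pickle.dumps(OrderedDict(a=1))   # only references collections.OrderedDict
SAMPLE_FUNCTION_REF = pickle.dumps(json.dumps)  # a function reference inside an "allowed" module


if __name__ == "__main__":
    # The weak loader hands back a live callable from the allowed module;
    # the hardened loader rejects it while still loading the benign object.
    print("prefix loader, function ref :", try_load(module_prefix_loads, SAMPLE_FUNCTION_REF))
    print("strict loader, function ref :", try_load(restricted_loads, SAMPLE_FUNCTION_REF))
    print("strict loader, safe object  :", try_load(restricted_loads, SAMPLE_SAFE))
```

The detection signal worth keeping in mind is the `find_class` call itself: logging every `(module, name)` that a restricted loader is asked to resolve, and alerting on rejections, surfaces probing of the allow-list before anything executes.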