CVE-2026-3573
HIGH7.5EPSS 0.07%發布日:2026/3/11修改日:2026/3/26
也稱為:DRUPAL-CONTRIB-2026-028
描述
The module and certain submodules (AI Automators, AI Translate, AI API Explorer, AI Content Suggestions) provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser. Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the context of the LLM request.
受影響套件(1)
- Packagist/drupal/aifrom 0, < 1.1.11 | >= 1.2.0, < 1.2.12
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| nvd | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |