CNNVD-202506-1879 Information
CNNVD ID
CNNVD-202506-1879
Related CVE
- CNNVD Published: 2025-06-16
Description (Chinese)
Erlang/OTP是Erlang/OTP开源的一个JavaScript编写的处理处理异常的库。该库可以捕捉node.js内置API引发的异常。 Erlang/OTP 17.0至28.0.1版本、27.3.4.1版本和26.2.5.13版本存在路径遍历漏洞,该漏洞源于路径遍历问题,可能导致文件操作。
Description (English)
Erlang/OTP is a JavaScript repository for processing anomalies prepared by Erlang/OTP Open Source. The library captures anomalies caused by the API that is embedded in Node.js. Erlang/OTP 17.0 to 28.0.1, 27.3.4.1 and 26.2.5.13 have path-to-path loopholes, which stem from routing problems and may lead to file operations.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
Erlang/OTP
Published
2025-06-16
Last Modified
2026-02-24
References
https://github.com/erlang/otp/pull/9941 https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc https://www.erlang.org/doc/system/versions.html#order-of-versions http://www.openwall.com/lists/oss-security/2025/06/16/5 https://nvd.nist.gov/vuln/detail/CVE-2025-4748 https://vigilance.fr/vulnerability/Erlang-OTP-directory-escape-via-lib-stdlib-src-zip-erl-47737 https://access.redhat.com/security/cve/cve-2025-4748
Patch
https://www.erlang.org/downloads
Share on: