CNNVD-202506-3518 Information

CNNVD ID

CNNVD-202506-3518

CVE-2025-53018

  • CNNVD Published: 2025-06-27

Description (Chinese)

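Lychee is a beautiful and easy-to-use open-source photo management system from The Lychee Organisation, used to manage and share photos. Versions of Lychee before 6.6.13 contain a security vulnerability caused by server-side request forgery in the /api/v2/Photo::fromUrl endpoint, which may allow access to internal network resources.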

Description (English)

Lychee is a beautiful and easy-to-use photo management system from The Lychee Organisation, used to manage and share photographs. Lychee versions prior to 6.6.13 contain a security vulnerability that stems from server-side request forgery (SSRF) at the /api/v2/Photo::fromUrl endpoint, which could lead to access to internal network resources.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

The Lychee Organisation

Published

2025-06-27

Last Modified

2026-02-24

References

https://github.com/LycheeOrg/Lychee/commit/9dc162eefe56ce185ac1d59da42ee557933d914d

https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-cpgw-wgf3-xc6v

Patch

https://github.com/LycheeOrg/Lychee/releases
