CNNVD-202507-1309 Information

CNNVD ID

CNNVD-202507-1309

CVE-2025-53546

  • CNNVD Published: 2025-07-09

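Description (translated from Chinese)

Folo is an open-source information aggregation tool from RSSNext. Folo contains a security vulnerability that stems from a GitHub Actions workflow using pull_request_target, which may lead to privilege escalation.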

Description (English)

Folo is an open-source information aggregation tool by RSSNext. Folo has a security vulnerability caused by the GitHub Actions workflow's use of pull_request_target, which may lead to privilege escalation.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

RsyncProject

Published

2025-07-09

Last Modified

2026-02-24

References

https://github.com/RSSNext/Folo/commit/585c6a591440cd39f92374230ac5d65d7dd23d6a

https://github.com/RSSNext/Folo/security/advisories/GHSA-h87r-5w74-qfm4

Patch

https://github.com/RSSNext/Folo/releases
