CNNVD-202507-1641 Information
CNNVD ID
CNNVD-202507-1641
Related CVE
- CNNVD Published: 2025-07-11
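Description (Chinese, translated)
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Pandoc version 3.6.4 contains a security vulnerability that stems from server-side request forgery and may lead to infrastructure compromise.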
Description (English)
Pandoc is a Haskell library for converting between markup formats, together with a command-line tool built on that library. Version 3.6.4 of Pandoc has a security vulnerability caused by server-side request forgery (SSRF), which could lead to compromise of infrastructure.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Live Support
Published
2025-07-11
Last Modified
2026-02-24
References
https://github.com/jgm/pandoc/pull/11262
https://github.com/jgm/pandoc/commit/67edf7ce7cd3563a180ae44bd122b012e22364f8
http://pandoc.com/
https://www.wiz.io/blog/imds-anomaly-hunting-zero-day
https://pandoc.org
https://github.com/jgm/pandoc/issues/8874
https://github.com/jgm/pandoc/discussions/11200
http://jgm.com
https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2025-51591
https://github.com/jgm/pandoc/issues/11261
http://jgm.com/
https://github.com/jgm/pandoc/issues/10682
https://vigilance.fr/vulnerability/JGM-Pandoc-Server-Side-Request-Forgery-via-Iframe-48003
https://access.redhat.com/security/cve/cve-2025-51591
Patch
https://github.com/jgm/pandoc/releases