CNNVD-202507-1917 Information
CNNVD ID
CNNVD-202507-1917
Related CVE
- CNNVD Published: 2025-07-14
Description (Chinese)
Job Iteration API是Shopify开源的一个API接口。 Job Iteration API 1.11.0之前版本存在操作系统命令注入漏洞,该漏洞源于CsvEnumerator类存在任意代码执行,可能导致未经授权访问或数据泄露。
Description (English)
Job International API is an API interface for the open source of Shopify. The previous version of Job International API 1.11.0 had an operational system command-infusion loophole, which stemmed from the existence of arbitrary code enforcement in the CsvEnumerator category, which could lead to unauthorized access or data disclosure.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
ShopSite
Published
2025-07-14
Last Modified
2026-02-24
References
https://github.com/Shopify/job-iteration/commit/1a7adfdd041105a5e45e774cadc6b973a292ba55 https://github.com/Shopify/job-iteration/pull/595 https://github.com/Shopify/job-iteration/security/advisories/GHSA-6qjf-g333-pv38 https://github.com/Shopify/job-iteration/releases/tag/v1.11.0 https://access.redhat.com/security/cve/cve-2025-53623
Patch
https://github.com/Shopify/job-iteration/releases
Share on: