CNNVD-202507-2269 Information
CNNVD ID
CNNVD-202507-2269
Related CVE
-
CNNVD Published: 2025-07-16
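Description (translated from Chinese)
RomM is an open-source ROM (read-only memory) manager from The RomM Project. RomM versions before 3.10.3 and before 4.0.0-beta.3 contain a security vulnerability that stems from an authenticated path traversal in the api/raw endpoint, which may lead to the disclosure of passwords and user information.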
Description (English)
RomM is an open-source ROM manager from The RomM Project. RomM versions before 3.10.3 and before 4.0.0-beta.3 contain a security vulnerability caused by an authenticated path traversal in the api/raw endpoint, which may lead to the disclosure of passwords and user information.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
The RomM Project
Published
2025-07-16
Last Modified
2026-02-24
References
https://github.com/rommapp/romm/blob/4.0.0-beta.2/backend/endpoints/raw.py#L31
https://github.com/rommapp/romm/commit/7c94cb05e74ddb6a6af7b82320686c01754e9966
https://github.com/rommapp/romm/commit/baa1a9759079c36e36a9f10c920c46b57d0b6151
https://github.com/rommapp/romm/security/advisories/GHSA-fx9g-xw4j-jwc3
Patch
https://github.com/rommapp/romm/releases