CNNVD-202507-2316 Information
CNNVD ID
CNNVD-202507-2316
Related CVE
- CNNVD Published: 2025-07-17
Description (Chinese)
DiracX-Web是DIRAC Project开源的一个DiracX的用户界面。 DiracX-Web 0.1.0-a8之前版本存在输入验证错误漏洞,该漏洞源于重定向字段未验证,可能导致钓鱼攻击。
Description (English)
DiracX-Web is a user interface for DiracX, an open source of DIRAC Project. The pre-DiracX-Web 0.1.0-a8 version had an input verification error loophole, which originated from the unverified re-direction field and could lead to fishing attacks.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
DIRAC Project
Published
2025-07-17
Last Modified
2026-02-24
References
https://diracx-cert-app.cern.ch/auth https://ipcim.com/en/where/?dsdsd=qsqsfsjfnsfniizaeiaapzqlalkqkaizqqijsjaopmqmxna?redirect= https://diracx-cert.app.cern.ch/auth?redirect= https://github.com/DIRACGrid/diracx-web/commit/eba3b7bc4f9d394074215986e6d3c15b546b25d5 https://github.com/DIRACGrid/diracx-web/security/advisories/GHSA-hfj7-542q-8fvv
Patch
https://github.com/DIRACGrid/diracx-web/releases
Share on: