CNNVD-202507-2957 Information
CNNVD ID
CNNVD-202507-2957
Related CVE
- CNNVD Published: 2025-07-23
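Description (translated from Chinese)
NodeJS is a JavaScript runtime environment from the OpenJS Foundation, based on the Chrome V8 engine. By wrapping the Chrome V8 engine and using an event-driven, non-blocking I/O model, it makes it possible to build high-performance back-end applications in JavaScript. NodeJS 11.0.12 and earlier and haxcms-php 11.0.7 and earlier contain a security vulnerability caused by missing iframe protection headers, which may lead to clickjacking attacks.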
Description (English)
NodeJS is a JavaScript runtime environment of the OpenJS Foundation based on the Chrome V8 engine, which has made it possible to develop high-performance back-end applications in JavaScript through the encapsulation of the Chrome V8 engine and the use of event-driven, non-blocking I/O. NodeJS 11.0.12 and previous versions and haxcms-php 11.0.7 and previous versions contain a security vulnerability stemming from the lack of iframe protection headers, which may lead to clickjacking attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
OpenJS
Published
2025-07-23
Last Modified
2026-02-24
References
https://github.com/haxtheweb/issues/security/advisories/GHSA-54vw-f4xf-f92j
https://github.com/haxtheweb/haxcms-php/commit/708dc8518928fe307044e67bff8b0f397cfdd606
https://github.com/haxtheweb/haxcms-nodejs/commit/777f9a7ff9675a160496f350d766df1f1f9b9b99
https://nvd.nist.gov/vuln/detail/CVE-2025-54139
https://access.redhat.com/security/cve/cve-2025-54139
Patch
https://github.com/haxtheweb/haxcms-nodejs/tags