CNNVD-202507-300 Information

CNNVD ID

CNNVD-202507-300

Related CVE

CVE-2025-48939

• CNNVD Published: 2025-07-03

Description (Chinese)

tarteaucitron.js是Amauri CHAMPEAUX个人开发者的一个 cookie 管理器。 tarteaucitron.js 1.22.0之前版本存在安全漏洞，该漏洞源于未验证document.currentScript是否引用实际script元素，可能导致脚本路径加载错误。

Description (English)

Tarteaucitron.js is a cookie manager for Amauri CHAMPEAUX personal developer. There is a security loophole in the pre-trateaucitron.js 1.22.0 that results from the unverified use of actual script elements by document.currentScript, which may result in error in loading the script path.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Live Support

Published

2025-07-03

Last Modified

2026-02-24

References

https://github.com/AmauriC/tarteaucitron.js/security/advisories/GHSA-q43x-79jr-cq98 https://github.com/AmauriC/tarteaucitron.js/commit/230a3b69d363837acfa895823d841e0608826ba3

Patch

https://tarteaucitron.io/en/