CNNVD-202507-504 Information

CNNVD ID

CNNVD-202507-504

Related CVE

CVE-2025-53602

• CNNVD Published: 2025-07-04

Description (Chinese)

zipkin是Open Zipkin开源的一个分布式跟踪系统。 zipkin 3.5.1及之前版本存在安全漏洞，该漏洞源于攻击者可以通过/heapdump端点访问敏感的系统内存信息，导致信息泄露。

Description (English)

zipkin is a distributed tracking system for Open Zipkin. zipkin 3.5.1 and previous versions contain a security loophole, which stems from information being stored in sensitive systems that can be accessed by the attackers through their/heapdump endpoint, leading to the disclosure of information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Open Zipkin

Published

2025-07-04

Last Modified

2026-02-24

References

https://github.com/openzipkin/zipkin/commit/3c7605dfdfab2dd341cf0ea121a56cefcd580d9e https://github.com/openzipkin/zipkin/pull/3804 https://zipkin.io/