CNNVD-202507-743 Information

CNNVD ID

CNNVD-202507-743

CVE-2025-53532

  • CNNVD Published: 2025-07-07

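Description (translated from Chinese)

giscus is an open-source comment system from giscus. giscus has an authorization vulnerability: unauthorized users can create discussions on repositories where giscus is installed, which may lead to unauthorized operations.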

Description (English)

giscus is an open-source comment system. It has an authorization vulnerability that arises because unauthorized users can create discussions on repositories where giscus is installed, which may lead to unauthorized operations.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

giscus

Published

2025-07-07

Last Modified

2026-02-24

References

  • https://github.com/giscus/giscus/commit/c43af7806e65adfcf4d0feeebef76dc36c95cb9a
  • https://github.com/giscus/giscus/security/advisories/GHSA-w6vg-v24f-4vm3
  • https://github.com/giscus/giscus/commit/4b9745fe1a326ce08d69f8a388331bc993d19389
  • https://access.redhat.com/security/cve/cve-2025-53532

Patch

https://github.com/giscus/giscus
