CNNVD-202508-073 Information
CNNVD ID
CNNVD-202508-073
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
webfinger.js是Nick Jennings个人开发者的一个用于查询WebFinger记录的客户端库。 webfinger.js 2.8.0及之前版本存在代码问题漏洞,该漏洞源于未阻止localhost访问,可能导致盲SSRF攻击。
Description (English)
Webfinger.js is a client library used by Nick Jennings’ personal developers to access WebFinger records. Webfinger.js 2.8.0 and earlier versions had a code gap, which stemmed from failure to prevent access to localhost and could lead to blind SSR attacks.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
个人开发者
Published
2025-08-01
Last Modified
2026-02-24
References
https://github.com/silverbucket/webfinger.js/commit/b5f2f2c957297d25f4d76072963fccaee2e3095a https://github.com/silverbucket/webfinger.js/security/advisories/GHSA-8xq3-w9fx-74rv https://github.com/silverbucket/webfinger.js/releases/tag/v2.8.1 https://access.redhat.com/security/cve/cve-2025-54590
Patch
https://github.com/silverbucket/webfinger.js/releases
Share on: