CNNVD-202508-2734 Information
CNNVD ID
CNNVD-202508-2734
Related CVE
- CNNVD Published: 2025-08-22
Description (Chinese)
Dpanel是Donknap开源的一款轻量化的 Docker 可视化管理面板,提供完善的容器管理功能。 Dpanel 1.2.0至1.7.2版本存在安全漏洞,该漏洞源于/api/app/compose/get-from-uri API端点未正确验证uri参数,可能导致读取任意文件。
Description (English)
Dpanel is a light-quantifiable Docker visualization management panel from Donknap open source, which provides a good container management function. There is a security loophole in versions Dpanel 1.2.0 to 1.7.2, which originates from/api/app/compose/get-from-uri API endpoints that do not correctly validate the uri parameters and may lead to the reading of any document.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
dootask
Published
2025-08-22
Last Modified
2026-02-24
References
https://github.com/donknap/dpanel/security/advisories/GHSA-gcqf-pxgg-gw8q https://access.redhat.com/security/cve/cve-2025-53363 https://nvd.nist.gov/vuln/detail/CVE-2025-53363
Patch
https://github.com/donknap/dpanel/releases
Share on: