CNNVD-202508-283 Information
CNNVD ID
CNNVD-202508-283
Related CVE
- CNNVD Published: 2025-08-05
Description (Chinese)
IPX是UnJS开源的一个图像优化器。 IPX 1.3.1及之前版本、2.0.0-0版本至2.1.0版本和3.0.0版本至3.1.0版本存在安全漏洞,该漏洞源于路径前缀检查不当,可能导致路径前缀绕过。
Description (English)
IPX is an image optimizer for the UnJSS open source. There is a security loophole in IPX 1.3.1 and previous versions, Versions 2.0-0 to 2.1.0 and Versions 3.0.0 to 3.1.0, which stems from inappropriate pre-routine checks that may lead to pre-routines being bypassed.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
UnJS
Published
2025-08-05
Last Modified
2026-02-24
References
https://github.com/unjs/ipx/releases/tag/v3.1.1 https://github.com/unjs/ipx/releases/tag/v2.1.1 https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr https://github.com/unjs/ipx/commit/81693ddbfc062cc922e4e2406e8427ab4e3ad214 https://github.com/unjs/ipx/releases/tag/v1.3.2 https://access.redhat.com/security/cve/cve-2025-54387
Patch
https://github.com/unjs/ipx/releases
Share on: