CNNVD-202508-3006 Information

CNNVD ID

CNNVD-202508-3006

Related CVE

CVE-2025-9118

• CNNVD Published: 2025-08-25

Description (Chinese)

Google Cloud Dataform是美国谷歌（Google）公司的一个自动处理工作流的平台。 Google Cloud Dataform存在安全漏洞，该漏洞源于NPM包安装过程中存在路径遍历，可能导致读取和写入其他客户存储库文件。

Description (English)

Google Cloud Dataform is an automated workstream platform for Google. Google Cloud Dataform has a security loophole, which stems from the routing of the NPM package installation, which may lead to the reading and writing of other customer repository files.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

谷歌

Published

2025-08-25

Last Modified

2026-02-24

References

https://cloud.devsite.corp.google.com/dataform/docs/security-bulletins#gcp-2025-045 https://nvd.nist.gov/vuln/detail/CVE-2025-9118