CNNVD-202508-3328 Information

CNNVD ID

CNNVD-202508-3328

Related CVE

CVE-2024-48908

• CNNVD Published: 2025-08-28

Description (Chinese)

Lychee是The Lychee Organisation开源的一个漂亮且易于使用的照片管理系统。用于管理和共享照片。 Lychee 2.0.2之前版本存在代码注入漏洞，该漏洞源于lychee-setup中可能存在任意代码注入。

Description (English)

Lychee is a beautiful and easy-to-use photo management system for the Lychee Organization. Used to manage and share photographs. There was a code-injection loophole in the previous version of Lychee 2.0, which stemmed from the possibility of any code-injection in the lychee-setup.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

The Lychee Organisation

Published

2025-08-28

Last Modified

2026-02-24

References

https://github.com/lycheeverse/lychee-action/security/advisories/GHSA-65rg-554r-9j5x https://github.com/lycheeverse/lychee-action/commit/7cd0af4c74a61395d455af97419279d86aafaede https://nvd.nist.gov/vuln/detail/CVE-2024-48908

Patch

https://github.com/LycheeOrg/Lychee/releases