CNNVD-202508-3696 Information
CNNVD ID
CNNVD-202508-3696
Related CVE
- CNNVD Published: 2025-08-31
Description (Chinese)
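Koillection is a self-hosted service by individual developer Benjamin Jonard that allows users to manage any type of collection. Koillection 1.6.18 and earlier versions contain a security vulnerability, which stems from an improper operation on the file assets/controllers/csrf_protection_controller.js that leads to a cross-site request forgery attack.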
Description (English)
Koillection is a self-hosted service by individual developer Benjamin Jonard that allows users to manage any type of collection. Koillection 1.6.18 and earlier contain a security vulnerability that stems from incorrect handling of the file assets/controllers/csrf_protection_controller.js, resulting in a cross-site request forgery attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-08-31
Last Modified
2026-02-24
References
https://vuldb.com/?submit.640421
https://vuldb.com/?id.322047
https://vuldb.com/?ctiid.322047
https://github.com/benjaminjonard/koillection/releases/tag/1.7.0
https://github.com/benjaminjonard/koillection/issues/1393#issuecomment-3217310072
https://github.com/benjaminjonard/koillection/issues/1393#issue-3347724086
https://github.com/benjaminjonard/koillection/commit/9ab8562d3f1e953da93fed63f9ee802c7ea26a9a
https://access.redhat.com/security/cve/cve-2025-9747
https://nvd.nist.gov/vuln/detail/CVE-2025-9747
Patch
https://github.com/benjaminjonard/koillection/releases