CNNVD-202508-408 Information

CNNVD ID

CNNVD-202508-408

CVE-2025-54594

  • CNNVD Published: 2025-08-06

Description (English)

react-native-bottom-tabs is an open-source native bottom tabs component from Callstack Incubator. Versions 0.9.2 and earlier of react-native-bottom-tabs contain a security vulnerability that stems from the GitHub Actions workflow's improper use of the pull_request_target event trigger, which could lead to arbitrary code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Callstack Incubator

Published

2025-08-06

Last Modified

2026-02-24

References

https://github.com/callstackincubator/react-native-bottom-tabs/commit/9e1c9c61d742c435ac5e0901b7e0c9249b9fc70c
https://github.com/callstackincubator/react-native-bottom-tabs/security/advisories/GHSA-588g-38p4-gr6x
https://callstack.notion.site/Post-Incident-Security-Measures-GitHub-Actions-Workflow-Vulnerability-2405d027c0f8804ab7f7cdfb43366a31
https://access.redhat.com/security/cve/cve-2025-54594

Patch

https://github.com/callstackincubator/react-native-bottom-tabs/releases
