CNNVD-202509-2327 Information

CNNVD ID

CNNVD-202509-2327

Related CVE

CVE-2025-59336

• CNNVD Published: 2025-09-16

Description (Chinese)

Luanox是Lumen开源的一个图书馆的现代化托管服务。 Luanox 0.1.1之前版本存在安全漏洞，该漏洞源于未正确过滤包名，可能导致路径遍历攻击和拒绝服务。

Description (English)

Luanox is a modern hosting service for a library open to Lumen. There was a security loophole in the previous version of Luanox 0.1.1, which stemmed from incorrect filtering of the package name, which could lead to a routing attack and denial of service.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Lunary

Published

2025-09-16

Last Modified

2026-02-24

References

https://github.com/lumen-oss/luanox/commit/5198640c9644e2fcef5809f83b9ab0a9b4d0eeb2 https://github.com/lumen-oss/luanox/security/advisories/GHSA-42c5-x4pj-4p3w https://github.com/lumen-oss/luanox/commit/2b6237f3baaa1d905c491fca29f8301835721c46 https://access.redhat.com/security/cve/cve-2025-59336

Patch

https://github.com/lumen-oss/luanox/releases