CNNVD-202509-3087 Information
CNNVD ID
CNNVD-202509-3087
Related CVE
- CNNVD Published: 2025-09-19
Description (Chinese)
AliasVault是AliasVault开源的一个密码管理器。 AliasVault 0.23.0及之前版本存在代码问题漏洞,该漏洞源于favicon提取功能未正确验证重定向请求,可能导致服务端请求伪造攻击。
Description (English)
AliasVault is a password manager for AliasVault open source. AliasVault 0.23.0 and previous versions had a code problem loophole, which stemmed from the incorrect validation of a re-direction request by the Favicon extraction function, which could lead to a sham attack by a service-level request.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
AliasVault
Published
2025-09-19
Last Modified
2026-02-24
References
https://github.com/aliasvault/aliasvault/commit/58c39815e4c8bb27a311c3b592d54e157b4e6968 https://github.com/aliasvault/aliasvault/pull/1226 https://github.com/aliasvault/aliasvault/releases/tag/0.23.1 https://github.com/aliasvault/aliasvault/security/advisories/GHSA-f253-f7xc-w7pj https://access.redhat.com/security/cve/cve-2025-59344
Patch
https://github.com/aliasvault/aliasvault/releases
Share on: