CNNVD-202509-3240 Information
CNNVD ID
CNNVD-202509-3240
Related CVE
- CNNVD Published: 2025-09-22
Description
Conventional Changelog is an open-source changelog generation tool from Conventional Changelog. Versions of Conventional Changelog before 2.0.0 contain an argument injection vulnerability. It stems from the failure to sanitize or validate user input in the getTags API, which may lead to argument injection attacks that overwrite arbitrary files.
Hazard Level
High
Vulnerability Type
Argument injection
Affected Vendor
ConvertX
Published
2025-09-22
Last Modified
2026-02-24
References
https://github.com/conventional-changelog/conventional-changelog/security/advisories/GHSA-vh25-5764-9wcr
https://github.com/conventional-changelog/conventional-changelog/commit/d95c9ffac05af58228bd89fa0ba37ad65741c6a2
https://access.redhat.com/security/cve/cve-2025-59433
Patch
https://github.com/conventional-changelog/conventional-changelog/releases