CNNVD-202509-3794 Information

CNNVD ID

CNNVD-202509-3794

Related CVE

CVE-2025-57348

• CNNVD Published: 2025-09-24

Description (Chinese)

Cube是Cube开源的一个构建数据应用程序的语义层。 Cube 5.0.0-beta.19及之前版本存在安全漏洞，该漏洞源于原型链初始化过程中对用户输入验证不当，可能导致拒绝服务或执行任意代码。

Description (English)

Cube is a semantic layer of a construction data application from the Cube Open Source. Cube 5.0.0-beta.19 and previous versions had a security loophole, which stemmed from the inappropriate validation of user input during the initialization of the prototype chain, which could lead to the denial of services or the enforcement of arbitrary codes.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

CubeFS

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57348 https://github.com/node-cube/cube/issues/153