CNNVD-202509-4328 Information

CNNVD ID

CNNVD-202509-4328

Related CVE

CVE-2025-59163

• CNNVD Published: 2025-09-29

Description (Chinese)

SafeDep是SafeDep开源的一个防止恶意开源的软件包。 SafeDep 1.12.4及之前版本存在安全漏洞，该漏洞源于缺少HTTP Host和Origin标头验证，可能导致DNS重绑定攻击。

Description (English)

SafeDep is a software package to prevent malicious open-sources from SafeDep. SafeDep 1.12.4 and previous versions contain a security gap stemming from the lack of HTTP Host and Origin header verification, which could lead to a re-couping of the DNS.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

SafeDep

Published

2025-09-29

Last Modified

2026-02-24

References

https://github.com/safedep/vet/commit/0ae3560ba11846375812377299fe078d45cc3d48 https://github.com/safedep/vet/releases/tag/v1.12.5 https://github.com/safedep/vet/security/advisories/GHSA-6q9c-m9fr-865m

Patch

https://github.com/safedep/vet/releases