CNNVD-202509-4521 Information

CNNVD ID

CNNVD-202509-4521

Related CVE

CVE-2025-61584

• CNNVD Published: 2025-09-30

Description (Chinese)

serverless-dns是serverless-dns开源的一个DNS解析器。 serverless-dns 0.1.30及之前版本存在命令注入漏洞，该漏洞源于pr.yml GitHub Action以不安全方式插入不受信任的输入，可能导致执行攻击者代码。

Description (English)

Serverless-dns is a DNS solver from the open source of serverless-dns. There is a gap in commands in the servers-dns 0.1.30 and earlier versions, which stems from the unsafe insertion of untrusted inputs into pr.yml GitHub Action, which may lead to the execution of the attacker code.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

serverless-dns

Published

2025-09-30

Last Modified

2026-02-24

References

https://github.com/serverless-dns/serverless-dns/commit/c5537dd7f203c59f2b86d1e295c2371f3533946a https://github.com/serverless-dns/serverless-dns/security/advisories/GHSA-9g7x-737f-5xpc

Patch

https://github.com/serverless-dns/serverless-dns