CNNVD-202509-4548 Information
Sep 30, 2025
cve
CNNVD ID
CNNVD-202509-4548
Related CVE
- CNNVD Published: 2025-09-30
Description (Chinese)
MinIO Java SDK是MinIO开源的一个Java版MinIO客户端的开发者工具。 MinIO Java SDK 8.6.0之前版本存在代码注入漏洞,该漏洞源于XML标签值自动替换系统属性或环境变量,可能导致敏感信息泄露。
Description (English)
MinIO Java SDK is the developer tool for a Java version of the MinIO client from MinIO Open Source. The pre-MinIO Java SDK 8.6.0 version contains a code-injecting loophole, which originates from XML label value automatic substitution system properties or environmental variables, which may lead to the disclosure of sensitive information.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
MinIO
Published
2025-09-30
Last Modified
2026-02-24
References
https://github.com/minio/minio-java/releases/tag/8.6.0 https://github.com/minio/minio-java/security/advisories/GHSA-h7rh-xfpj-hpcm
Patch
https://www.min.io/download?platform=kubernetes
Share on: