CNNVD-202510-1089 Information
CNNVD ID
CNNVD-202510-1089
Related CVE
- CNNVD Published: 2025-10-07
Description (Chinese)
Double Take是David Jakowenko个人开发者的一个统一的UI和API,具有处理和训练用于面部识别的图像的功能。 Double Take 1.13.1及之前版本存在代码注入漏洞,该漏洞源于对组件API中文件api/src/app.js函数app.use的参数X-Ingress-Path操作不当,可能导致跨站脚本攻击。
Description (English)
Double Take is a unified UI and API for David Jakowenko’s personal developer and has the capability to process and train images for facial recognition. Double Take 1.13.1 and previous versions have code-infusion holes, which stem from the inappropriate operation of the parameter X-Ingress-Path for the document api/src/app.js function in component API, app.use, which may result in a cross-site script attack.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
个人开发者
Published
2025-10-07
Last Modified
2026-02-24
References
https://github.com/jakowenko/double-take/commit/e11de9dd6b4ea6b7ec9a5607a920d48961e9fa50 https://github.com/jakowenko/double-take/releases/tag/v1.13.2 https://vuldb.com/?ctiid.327247 https://vuldb.com/?id.327247 https://vuldb.com/?submit.664967
Patch
https://github.com/jakowenko/double-take/releases
Share on: