CNNVD-202510-1264 Information

CNNVD ID

CNNVD-202510-1264

Related CVE

CVE-2025-59146

• CNNVD Published: 2025-10-09

Description (Chinese)

New API是QuantumNous开源的一个接口软件。 New API 0.9.0.5之前版本存在代码问题漏洞，该漏洞源于未正确验证用户提供的URL，可能导致服务器端请求伪造攻击。

Description (English)

New API is an interface for QuantumNous open source. New API version 0.9.0.5 had a code problem loophole, which originated from the incorrect validation of URLs provided by users and could lead to the server requesting a false attack.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

QuantumNous

Published

2025-10-09

Last Modified

2026-02-24

References

https://github.com/QuantumNous/new-api/commit/ef634160986c6f6b087cbfe131074fda862928af https://github.com/QuantumNous/new-api/security/advisories/GHSA-xxv6-m6fx-vfhh https://access.redhat.com/security/cve/cve-2025-59146

Patch

https://www.newapi.ai/