CNNVD-202510-1717 Information

CNNVD ID

CNNVD-202510-1717

Related CVE

CVE-2025-62376

• CNNVD Published: 2025-10-14

Description (Chinese)

DOJO是pwn.college开源的一款JavaScript工具箱。 DOJO存在授权问题漏洞，该漏洞源于/workspace端点身份验证不当，可能导致未经授权访问Windows虚拟机。

Description (English)

DOJO is a JavaScript toolbox from pwn.college. DOJO has a mandate gap, which stems from inappropriate identification at the /workspace endpoint, which may lead to unauthorized access to the Windows Virtual Machine.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

pwn.college

Published

2025-10-14

Last Modified

2026-02-24

References

https://github.com/pwncollege/dojo/security/advisories/GHSA-344w-77p7-gx2c https://github.com/pwncollege/dojo/commit/467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef https://access.redhat.com/security/cve/cve-2025-62376

Patch

https://pwn.college/