CNNVD-202510-2350 Information

CNNVD ID

CNNVD-202510-2350

Related CVE

CVE-2025-11842

• CNNVD Published: 2025-10-16

Description (Chinese)

Smidge是Shannon Deminick个人开发者的一个文件压缩、组合、压缩和管理库。 Smidge 4.5.1及之前版本存在路径遍历漏洞，该漏洞源于Bundle Handler组件中对参数Version的错误操作，可能导致路径遍历攻击。

Description (English)

Smidge is a file compression, assembly, compression and management library for Shannon Deminick’s personal developer. Smidge 4.5.1 and previous versions have a loophole in the path that stems from the error of Version, the parameter in the Bundle Handler component, which could lead to a path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/Shazwazza/Smidge/releases/tag/v4.6.0 https://github.com/asust9/smidge-vuln?tab=readme-ov-file https://vuldb.com/?ctiid.328776 https://vuldb.com/?id.328776 https://vuldb.com/?submit.664905

Patch

https://github.com/Shazwazza/Smidge/releases