CNNVD-202510-2492 Information

CNNVD ID

CNNVD-202510-2492

Related CVE

CVE-2025-48044

• CNNVD Published: 2025-10-17

Description (Chinese)

Ash Framework是Ash Framework开源的一个用于构建Elixir应用程序的框架。 Ash Framework 3.6.3版本至3.7.1之前版本存在安全漏洞，该漏洞源于授权不当，可能导致身份验证绕过。

Description (English)

Ash Framework is an open-source framework for the construction of Elixir applications. There was a security loophole in Ash Framework 3.6.3 to 3.7.1, which stemmed from improper authorization and could lead to a circumvention of identification.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Ash Framework

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/ash-project/ash/commit/8b83efa225f657bfc3656ad8ee8485f9b2de923d https://github.com/ash-project/ash/security/advisories/GHSA-pcxq-fjp3-r752 https://access.redhat.com/security/cve/cve-2025-48044

Patch

https://github.com/ash-project/ash/releases