CNNVD-202510-261 Information
CNNVD ID
CNNVD-202510-261
Related CVE
- CNNVD Published: 2025-10-02
Description (Chinese)
Volto是Plone Foundation开源的一个内容管理系统。 Volto 16.34.0及之前版本、17.0.0版本至17.22.1版本、18.0.0版本至18.27.1版本和19.0.0-alpha.1版本至19.0.0-alpha.5版本存在代码问题漏洞,该漏洞源于匿名用户访问特定URL可能导致NodeJS服务器退出。
Description (English)
Volto is an open-source content management system for Plane Foundation. Volto 16.34.0 and earlier, version 17.0.0 to version 17.22.1, version 18.0.0 to version 18.27.1 and version 19.0.0-alpha.1 to version 19.0.0 to version 19.0-alpha.5, which arises from anonymous user access to specific URLs that may lead to the withdrawal of the NodeJSS server.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
Plone Foundation
Published
2025-10-02
Last Modified
2026-02-24
References
http://github.com/plone/volto/releases/tag/18.27.2 https://github.com/plone/volto/commit/58d9f82d2d50ca9a87edbe16fed91762e57c109c https://github.com/plone/volto/pull/7412 https://github.com/plone/volto/pull/7413 https://github.com/plone/volto/releases/tag/16.34.1 https://github.com/plone/volto/releases/tag/17.22.2 https://github.com/plone/volto/releases/tag/19.0.0-alpha.6 https://github.com/plone/volto/security/advisories/GHSA-m8rj-ppph-mj33
Patch
https://github.com/plone/volto/releases
Share on: