CNNVD-202510-2717 Information
CNNVD ID
CNNVD-202510-2717
Related CVE
- CNNVD Published: 2025-10-21
Description (Chinese)
sharp是lovell个人开发者的一款用于将常见格式的大图像转换为更小的、对 Web 友好的 JPEG、PNG、WebP、GIF 和不同尺寸的 AVIF 图像。 sharp v9.6.6版本存在安全漏洞,该漏洞源于src/Form/Fields/SharpFormUploadField.php容易受到跨站脚本攻击。
Description (English)
The sharp is a paragraph by Lovell Personal Developer to convert large images in common formats to smaller, web-friendly JPEG, PNG, WebP, GIF and different sizes of AVIF images. Version sharp v9.6.6 contains a security loophole that stems from the vulnerability of src/Form/Filds/SharpFormUploadfield.php to cross-site script attacks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-10-21
Last Modified
2026-02-24
References
https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457 https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97 https://github.com/code16/sharp/issues/611 https://github.com/code16/sharp/releases/tag/v9.7.0 https://access.redhat.com/security/cve/cve-2025-61457
Patch
https://github.com/code16/sharp/releases
Share on: