CNNVD-202510-2799 Information
CNNVD ID
CNNVD-202510-2799
Related CVE
-
CNNVD Published: 2025-10-22
Description
BookLore is an open-source, self-hosted, multi-user digital library from Booklore. BookLore 1.8.1 and earlier versions contain a security vulnerability: multiple media endpoints lack access control annotations, and CoverJwtFilter continues processing requests when no authentication token is present, which may lead to authentication bypass and content disclosure.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Booklore
Published
2025-10-22
Last Modified
2026-02-24
References
https://github.com/booklore-app/booklore/commit/b226c43343cd0cef4c1cd54bc3dcdef90b147133
https://github.com/booklore-app/booklore/security/advisories/GHSA-363g-fhcq-hvqp
https://access.redhat.com/security/cve/cve-2025-62614
Patch
https://github.com/booklore-app/booklore/releases