CNNVD-202510-388 Information

CNNVD ID

CNNVD-202510-388

CVE-2025-61685

  • CNNVD Published: 2025-10-03

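Description (translated from Chinese)

Mastra is an open-source AI agent framework from mastra-ai. Mastra versions 0.13.8 through 0.13.20-alpha.0 contain a security vulnerability that stems from a security check being bypassed, which may lead to a directory traversal attack.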

Description (English)

Mastra is an open-source AI agent framework from mastra-ai. Mastra versions 0.13.8 through 0.13.20-alpha.0 contain a security vulnerability that stems from a security check being bypassed, which could lead to a directory traversal attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

mastra-ai

Published

2025-10-03

Last Modified

2026-02-24

References

https://github.com/mastra-ai/mastra/commit/7f2b528ba82db512d68832d2f8ad6cbc8bb46cd4

https://github.com/mastra-ai/mastra/security/advisories/GHSA-xh92-rqrq-227v

Patch

https://github.com/mastra-ai/mastra/releases
