CNNVD-202510-4193 Information

CNNVD ID

CNNVD-202510-4193

Related CVE

CVE-2025-64115

• CNNVD Published: 2025-10-30

Description (Chinese)

Movary是Lee Peuker个人开发者的一个影评程序。 Movary 0.68.0及之前版本存在输入验证错误漏洞，该漏洞源于直接使用HTTP Referer标头值进行重定向，可能导致开放重定向攻击和钓鱼攻击。

Description (English)

Movary is a film evaluation program for Lee Peuker’s personal developer. Movary 0.68.0 and previous versions have input verification error holes that stem from direct re-direction using HTTP Referer header values, which may lead to open-ended re-directional and fishing attacks.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

个人开发者

Published

2025-10-30

Last Modified

2026-02-24

References

https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f https://github.com/leepeuker/movary/pull/713 https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f

Patch

https://github.com/leepeuker/movary/releases