CNNVD-202510-756 Information

CNNVD ID

CNNVD-202510-756

Related CVE

CVE-2025-61768

• CNNVD Published: 2025-10-06

Description (Chinese)

KUNO是XueMian (ICT.RUN)个人开发者的一个博客应用程序 KUNO 1.3.15之前版本存在代码问题漏洞，该漏洞源于媒体模块允许上传特制SVG文件，可能导致服务端请求伪造攻击。

Description (English)

KUNO is a blog application for XueMian (ICT.RUN) personal developers KUNO 1.3.15 has a code problem gap in its previous version, which stems from the fact that the media module allows the uploading of specially created SVG files, which may lead to a request by the service side for a false attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-10-06

Last Modified

2026-02-24

References

https://github.com/xuemian168/kuno/commit/804b2909c65b16ae2063d0f992e0711aa09475e2 https://github.com/xuemian168/kuno/releases/tag/v1.3.15 https://github.com/xuemian168/kuno/security/advisories/GHSA-4f5f-2c49-5mwm

Patch

https://github.com/xuemian168/kuno/releases