CNNVD-202511-2181 Information

CNNVD ID

CNNVD-202511-2181

Related CVE

CVE-2025-65020

• CNNVD Published: 2025-11-19

Description (Chinese)

Rallly是Luke Vella个人开发者的一款日程安排和协作工具，旨在更轻松地组织活动和会议。 Rallly 4.5.4之前版本存在安全漏洞，该漏洞源于投票复制端点存在不安全的直接对象引用，可能导致未经授权的投票复制。

Description (English)

Rollly is a calendar and collaboration tool for Luke Vella’s personal developer, which aims to organize events and meetings more easily. There was a security loophole in the previous version of Rallly 4.5.4, which stemmed from the presence of an unsafe direct-object reference at the end of the ballot, which could lead to unauthorized copies of votes.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-19

Last Modified

2026-02-24

References

https://github.com/lukevella/rallly/security/advisories/GHSA-44w7-pf32-gv5m https://github.com/lukevella/rallly/releases/tag/v4.5.4 https://access.redhat.com/security/cve/cve-2025-65020

Patch

https://github.com/lukevella/rallly/releases