CNNVD-202511-2320 Information
Nov 20, 2025
CNNVD ID
CNNVD-202511-2320
Related CVE
- CNNVD Published: 2025-11-20
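Description (translated from Chinese)
Open OnDemand is software open-sourced by the Ohio Supercomputer Center that provides open, interactive HPC via the web. Versions of Open OnDemand prior to 4.0.8 and prior to 3.1.16 have a security vulnerability that stems from a TOCTOU attack and may lead to access to files outside OOD_ALLOWLIST.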
Description (English)
Open OnDemand is open-source software from the Ohio Supercomputer Center that provides open, interactive HPC access through the web. Open OnDemand versions before 4.0.8 and before 3.1.16 contain a vulnerability that stems from a TOCTOU (time-of-check to time-of-use) attack and could lead to access to files outside OOD_ALLOWLIST.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Ohio Supercomputer Center
Published
2025-11-20
Last Modified
2026-02-24
References
https://github.com/OSC/ondemand/security/advisories/GHSA-vjpg-34px-gjrw
Patch
https://github.com/OSC/ondemand/releases