CNNVD-202511-2927 Information

CNNVD ID

CNNVD-202511-2927

CVE-2025-66040

  • CNNVD Published: 2025-11-27

Description (Chinese, translated)

Spotipy is a lightweight Python library for the Spotify Web API, written by the individual developer spotipy-dev. Versions of Spotipy before 2.25.2 contain a cross-site scripting vulnerability: the OAuth callback server does not sanitize the error parameter, which could lead to cross-site scripting attacks.

Description (English)

Spotipy is a lightweight Python library for the Spotify Web API, maintained by an individual developer. Versions of Spotipy before 2.25.2 contain a cross-site scripting vulnerability caused by the OAuth callback server failing to sanitize the error parameter, which could lead to cross-site scripting attacks.
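As an added illustration of the flaw class described above (not Spotipy's own code; the function and handler names are assumptions), a minimal loopback OAuth callback page that interpolates the `error` query parameter unescaped, beside the hardened form that HTML-escapes every untrusted value before writing it:

```python
# Added example, not taken from the Spotipy project: a local OAuth callback
# page rendered from the redirect URL's query string.
import html
from http.server import BaseHTTPRequestHandler
from urllib.parse import parse_qs, urlparse


def parse_callback(path):
    """Return (code, error) from a callback path such as
    '/?error=access_denied&state=abc'. Either value may be None."""
    params = parse_qs(urlparse(path).query)
    return params.get("code", [None])[0], params.get("error", [None])[0]


def render_vulnerable(path):
    """Flawed form: the raw 'error' value (attacker-influenced, since the
    redirect URL is opened in the user's browser) is emitted as markup."""
    code, error = parse_callback(path)
    if error:
        return f"<html><body>Error during authorization: {error}</body></html>"
    return "<html><body>Authorization complete. You may close this window.</body></html>"


def render_hardened(path):
    """Fixed form: html.escape() turns <, >, &, and quotes into entities, so
    the parameter is displayed as text and never parsed as HTML."""
    code, error = parse_callback(path)
    if error:
        return f"<html><body>Error during authorization: {html.escape(error)}</body></html>"
    return "<html><body>Authorization complete. You may close this window.</body></html>"


class CallbackHandler(BaseHTTPRequestHandler):
    """Loopback handler (hypothetical) wired to the hardened renderer and
    sending an explicit Content-Type so the browser does not sniff it."""

    def do_GET(self):
        body = render_hardened(self.path).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
```

The contrast is the whole point: the same constructed `error` value survives as live markup in `render_vulnerable` and as inert text in `render_hardened`.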

Hazard Level

Critical

Vulnerability Type

Cross-site scripting

Affected Vendor

Individual developer

Published

2025-11-27

Last Modified

2026-02-24

References

https://github.com/spotipy-dev/spotipy/commit/880b92d7243dcf2b83bf31dc365a858d8b5e6767
https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm
https://access.redhat.com/security/cve/cve-2025-66040

Patch

https://github.com/spotipy-dev/spotipy/releases
