CNNVD-202511-3052 Information
CNNVD ID
CNNVD-202511-3052
Related CVE
- CNNVD Published: 2025-11-29
Description (Chinese)
Rallly是Luke Vella个人开发者的一款日程安排和协作工具,旨在更轻松地组织活动和会议。 Rallly 4.5.6之前版本存在安全漏洞,该漏洞源于/api/trpc/polls.get,polls.participants.list端点信息披露,可能导致隐私泄露。
Description (English)
Rollly is a calendar and collaboration tool for Luke Vella’s personal developer, which aims to organize events and meetings more easily. There was a security loophole in the previous version of Rollly 4.5.6, which originated in/api/trpc/polls.get, Polls.participants.list endpoint disclosure, which could lead to privacy disclosure.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-11-29
Last Modified
2026-02-24
References
https://github.com/lukevella/rallly/commit/59738c04f9a8ec25f0af5ce20ad0eab6cf134963 https://github.com/lukevella/rallly/releases/tag/v4.5.6 https://github.com/lukevella/rallly/security/advisories/GHSA-65wg-8xgw-f3fg https://access.redhat.com/security/cve/cve-2025-66027
Patch
https://github.com/lukevella/rallly/releases
Share on: