CNNVD-202511-360 Information

CNNVD ID

CNNVD-202511-360

CVE-2025-46556

  • CNNVD Published: 2025-11-04

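Description (translated from Chinese)

MantisBT is a web-based, open-source defect tracking system developed by the MantisBT team. It provides project management and defect tracking services through a web interface. MantisBT 2.27.1 and earlier versions contain a security vulnerability that stems from comment length not being validated, which may lead to permanent corruption of the activity log.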

Description (English)

MantisBT is a web-based open-source defect tracking system from the MantisBT team. The system provides project management and defect tracking services through a web interface. MantisBT 2.27.1 and previous versions have a security vulnerability, which stems from the length of the comment not being validated and could lead to permanent corruption of the activity log.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

MantisBT

Published

2025-11-04

Last Modified

2026-02-24

References

  • https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
  • https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
  • https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
  • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5

Patch

https://github.com/mantisbt/mantisbt/tags
