CNNVD-202511-478 Information

CNNVD ID

CNNVD-202511-478

Related CVE

CVE-2025-64178

• CNNVD Published: 2025-11-06

Description (Chinese)

Jellysweep是Jonah个人开发者的一个媒体服务器的智能清理工具。 Jellysweep 0.12.1及之前版本存在代码问题漏洞，该漏洞源于/api/images/cache端点未验证URL参数，可能导致下载任意内容。

Description (English)

Jellysweep is a smart clean-up tool for a media server by Jonah’s personal developer. Jellysweep 0.12.1 and previous versions had a code problem loophole, which originated in/api/images/cache endpoints that did not validate URL parameters and could lead to any downloads.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-11-06

Last Modified

2026-02-24

References

https://github.com/jon4hz/jellysweep/commit/17466312510966418aea941e4944229856d55101 https://github.com/jon4hz/jellysweep/security/advisories/GHSA-xc93-q32j-cpcg

Patch

https://github.com/jon4hz/jellysweep/releases