CNNVD-202511-808 Information

CNNVD ID

CNNVD-202511-808

CVE-2025-63783

  • CNNVD Published: 2025-11-07

Description (Chinese)

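Onlook is an open-source visual source-code editing tool from Onlook. Onlook version 0.2.32 has a security vulnerability that stems from the API not verifying the currently authenticated user's ownership of, or membership in, the requested project ID, which may compromise data integrity and availability.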

Description (English)

Onlook is an open-source visual editing tool for source code, developed by Onlook. Onlook version 0.2.32 contains a security vulnerability: the API does not verify the currently authenticated user's ownership of, or membership in, the requested project ID, which could impair data integrity and availability.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Onlook

Published

2025-11-07

Last Modified

2026-02-24

References

https://blog.soohyun.tech/CVE-2025-63783-IDOR-in-Onlook-27a557175d2e8061a3dbc931da53f095

https://tossbank.notion.site/IDOR-in-onlook-27a557175d2e8061a3dbc931da53f095
