CNNVD-202511-859 Information

CNNVD ID

CNNVD-202511-859

CVE-2025-64494

  • CNNVD Published: 2025-11-08

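Description (translated from Chinese)

Soft Serve is a self-hostable command-line Git server open-sourced by Charm. Versions of Soft Serve before 0.10.0 contain a security vulnerability that stems from not stripping ANSI escape sequences and not sanitizing git messages, which can lead to forged alert attacks.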

Description (English)

Soft Serve is a self-hostable command-line Git server open-sourced by Charm. Versions of Soft Serve prior to 0.10.0 have a security vulnerability: ANSI escape sequences are not removed and git messages are not sanitized, which could lead to forged alert attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Charm

Published

2025-11-08

Last Modified

2026-02-24

References

  • https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-fv2r-r8mp-pg48
  • https://github.com/charmbracelet/soft-serve/commit/d9639320b8d0ccd76fe6836a042c042b0ebde549
  • https://access.redhat.com/security/cve/cve-2025-64494

Patch

https://github.com/charmbracelet/soft-serve/releases
