CNNVD-202511-969 Information
CNNVD ID
CNNVD-202511-969
Related CVE
- CNNVD Published: 2025-11-10
Description (Chinese)
Cloudinary Node SDK是Cloudinary开源的一个Cloudinary NPM的开发工具包。 Cloudinary Node SDK 2.7.0之前版本存在安全漏洞,该漏洞源于对包含与符号的参数值解析不当,可能导致任意参数注入攻击。
Description (English)
Claudinary Node SDK is a Claudinary NPM development toolkit from the Claudinary Open Source. There was a security loophole in the previous version of Cloudinary Node SDK 2.7.0, which stemmed from the inappropriate interpretation of the values of the parameters containing the symbols, which could lead to the injection of random parameters into the attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Cloudinary
Published
2025-11-10
Last Modified
2026-02-24
References
https://github.com/cloudinary/cloudinary_npm/commit/ec4b65f2b3461365c569198ed6d2cfa61cca4050 https://github.com/cloudinary/cloudinary_npm/pull/709 https://security.snyk.io/vuln/SNYK-JS-CLOUDINARY-10495740
Patch
https://github.com/cloudinary/cloudinary_npm/releases
Share on: