CNNVD-202512-001 Information
CNNVD ID
CNNVD-202512-001
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
Deco Apps Library / MCP Servers是deco.cx开源的一个内容管理系统。 Deco Apps Library / MCP Servers 0.120.1及之前版本存在代码问题漏洞,该漏洞源于文件website/loaders/analyticsScript.ts中参数url的错误操作,可能导致服务端请求伪造。
Description (English)
Deco Apps Library / MCP Servers is a content management system that is an open source of deco.cx. Deco Apps Library / MCP Servers 0.120.1 and previous versions had a code problem loophole, which stemmed from the incorrect operation of the parameter url in the document Website/loaders/analyticsScript.ts, which could lead to forgery of service requests.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
deco.cx
Published
2025-12-01
Last Modified
2026-02-24
References
https://vuldb.com/?id.333807 https://github.com/deco-cx/apps/releases/tag/0.120.2 https://vuldb.com/?ctiid.333807 https://github.com/deco-cx/apps/pull/1360 https://vuldb.com/?submit.691837 https://access.redhat.com/security/cve/cve-2025-13796
Patch
https://github.com/deco-cx/apps/releases
Share on: