CNNVD-202512-1128 Information
CNNVD ID
CNNVD-202512-1128
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
elysia是elysia开源的一个框架。 elysia 1.4.17及之前版本存在代码注入漏洞,该漏洞源于cookie配置未清理,可能导致任意代码执行。
Description (English)
elysia is a framework for elysia open sources. Elysia 1.4.17 and earlier versions had a code-infusion loophole, which originated from the uncleaned cookies configuration and could lead to arbitrary code implementation.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
elysia
Published
2025-12-09
Last Modified
2026-02-24
References
https://github.com/elysiajs/elysia/pull/1564 https://github.com/elysiajs/elysia/security/advisories/GHSA-8vch-m3f4-q8jf https://github.com/elysiajs/elysia/security/advisories/GHSA-hxj9-33pp-j2cc https://github.com/elysiajs/elysia/commit/3af978663e437dccc6c1a2a3aff4b74e1574849e https://github.com/elysiajs/elysia/commit/26935bf76ebc43b4a43d48b173fc853de43bb51e https://access.redhat.com/security/cve/cve-2025-66457
Patch
https://github.com/elysiajs/elysia/releases
Share on: