CNNVD-202512-1129 Information
CNNVD ID
CNNVD-202512-1129
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
elysia是elysia开源的一个框架。 elysia 1.4.0版本至1.4.16版本存在安全漏洞,该漏洞源于mergeDeep函数存在原型污染,可能导致远程代码执行。
Description (English)
elysia is a framework for elysia open sources. Elysia 1.4.0 to 1.4.16 has a safety loophole, which stems from the prototype contamination of the MergeDeep function, which may lead to remote code execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
elysia
Published
2025-12-09
Last Modified
2026-02-24
References
https://github.com/elysiajs/elysia/pull/1564 https://github.com/elysiajs/elysia/security/advisories/GHSA-8vch-m3f4-q8jf https://github.com/elysiajs/elysia/security/advisories/GHSA-hxj9-33pp-j2cc https://github.com/elysiajs/elysia/commit/3af978663e437dccc6c1a2a3aff4b74e1574849e https://github.com/elysiajs/elysia/commit/26935bf76ebc43b4a43d48b173fc853de43bb51e https://access.redhat.com/security/cve/cve-2025-66456
Patch
https://github.com/elysiajs/elysia/releases
Share on: