CNNVD-202512-140 Information
CNNVD ID
CNNVD-202512-140
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
NutzBoot是Nutz开源的一个企业级微服务框架。 NutzBoot 2.6.0-SNAPSHOT及之前版本存在安全漏洞,该漏洞源于文件EthModule.java中参数from/to/wei的错误操作,可能导致授权不当。
Description (English)
NutzBoot is an enterprise-level micro-service framework from Nutz open source. NutzBoot 2.6.0-SNAPSHOT and previous versions had a security loophole, which stemmed from the wrong operation of the parameter from/to/wei in document EthModule.java, which could lead to improper authorization.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Nutz
Published
2025-12-01
Last Modified
2026-02-24
References
https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.md https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.md#vulnerability-details-and-poc https://vuldb.com/?ctiid.333816 https://vuldb.com/?id.333816 https://vuldb.com/?submit.692061
Share on: