CNNVD-202512-214 Information
Dec 02, 2025
cve
CNNVD ID
CNNVD-202512-214
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
Nocobase是NocoBase开源的一个低代码平台。 nocobase 1.9.4版本和2.0.0-alpha.37版本存在安全漏洞,该漏洞源于文件nocobasepackagescoreauthsrcasejwt-service.ts中参数API_KEY使用硬编码密钥。
Description (English)
Nocobase is a low-code platform for nocoBase open source. There is a security loophole in versions 1.9.4 and 2.0.0-alpha.37, which originates from the use of hard-coded keys in the parameters API KEY in the file Nocobasepackagescoreusejwt-service.ts.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
NocoBase
Published
2025-12-02
Last Modified
2026-02-24
References
https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d https://vuldb.com/?ctiid.334033 https://vuldb.com/?id.334033 https://vuldb.com/?submit.692205
Patch
https://github.com/nocobase/nocobase/releases
Share on: