CNNVD-202512-2272 Information

CNNVD ID

CNNVD-202512-2272

CVE-2025-67750

  • CNNVD Published: 2025-12-12

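Description (translated from Chinese)

lightning-flow-scanner is an open-source command-line automation plugin from Lightning Flow Scanner. lightning-flow-scanner 6.10.5 and earlier versions contain a code injection vulnerability, which stems from the fact that a maliciously crafted flow metadata file may lead to arbitrary JavaScript execution.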

Description (English)

Lightning-flow-scanner is an open-source command-line automation plugin from Lightning Flow Scanner. Lightning-flow-scanner 6.10.5 and earlier versions have a code injection vulnerability, which stems from maliciously crafted flow metadata files that may result in arbitrary JavaScript execution.

Hazard Level

Medium

Vulnerability Type

Code injection

Affected Vendor

Lightning Flow Scanner

Published

2025-12-12

Last Modified

2026-02-24

References

  • https://github.com/Flow-Scanner/lightning-flow-scanner/commit/10f64a5eb193d8a777e453b25e910144e4540795
  • https://github.com/Flow-Scanner/lightning-flow-scanner/releases/tag/core-v6.10.6
  • https://github.com/Flow-Scanner/lightning-flow-scanner/security/advisories/GHSA-55jh-84jv-8mx8

Patch

https://github.com/Flow-Scanner/lightning-flow-scanner/releases
