CNNVD-202512-3138 Information

CNNVD ID

CNNVD-202512-3138

Related CVE

CVE-2025-68429

• CNNVD Published: 2025-12-17

Description (Chinese)

Storybook是Storybook开源的一个UI组件开发环境。 Storybook 7.6.21之前版本、8.6.15之前版本、9.1.17之前版本和10.1.10之前版本存在安全漏洞，该漏洞源于处理.env文件中的环境变量时可能将其意外打包到构建产物中，可能导致敏感信息泄露。

Description (English)

Storybook is an UI component development environment for the Stonebook open source. There is a security loophole in previous versions of Storybook 7.6.21, 8.6.15, 9.1.17 and 10.1.10, which stems from the possibility that environmental variables in the .env file may accidentally be packaged into construction products and may lead to the disclosure of sensitive information.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Storybook

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6 https://storybook.js.org/blog/security-advisory

Patch

https://github.com/storybookjs/storybook/releases