CNNVD-202512-3432 Information

CNNVD ID

CNNVD-202512-3432

CVE-2025-14896

  • CNNVD Published: 2025-12-18

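Description (translated from Chinese)

Kroki is an open-source icon creation tool from Yuzu tech. Kroki has a security vulnerability caused by insufficient sanitization in the convert function, which can lead to requests being sent to arbitrary URLs and to the disclosure of sensitive information.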

Description (English)

Kroki is an open-source icon creation tool developed by Yuzu tech. Kroki contains a security vulnerability that stems from inadequate sanitization in the convert function, which may allow requests to be sent to arbitrary URLs and sensitive information to be disclosed.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Yuzu tech

Published

2025-12-18

Last Modified

2026-02-24

References

https://github.com/yuzutech/kroki/commit/f31093cd8a0a1d6999c43d560f62d1e82d59c77e
