CNNVD-202512-3789 Information
Dec 19, 2025
CNNVD ID
CNNVD-202512-3789
Related CVE
- CNNVD Published: 2025-12-19
Description (Chinese)
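Dive is an open-source MCP host desktop application from OpenAgentPlatform. Versions of Dive prior to 0.11.1 contain a security vulnerability that stems from the Mermaid diagram rendering component allowing arbitrary JavaScript to execute, which may lead to remote code execution.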
Description (English)
Dive is an open-source MCP host desktop application from OpenAgentPlatform. Versions of Dive before 0.11.1 contain a security vulnerability: the Mermaid diagram rendering component allows execution of arbitrary JavaScript, which could result in remote code execution.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
OpenAgentPlatform
Published
2025-12-19
Last Modified
2026-02-24
References
https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-xv8m-365j-x6h2
https://access.redhat.com/security/cve/cve-2025-66580
Patch
https://github.com/wagoodman/dive/releases