CNNVD-202512-4857 Information
CNNVD ID
CNNVD-202512-4857
Related CVE
- CNNVD Published: 2025-12-27
Description (Chinese)
FreshRSS是FreshRSS开源的一个免费的、可自行托管的 RSS 聚合器。 FreshRSS 1.27.0版本至1.28.0之前版本存在安全漏洞,该漏洞源于攻击者可修改代理设置导致429 Retry-After响应,可能导致全局拒绝访问订阅源。
Description (English)
FreshRSS is a free, self-serving RSS polymer for FreshRSS. There is a security gap between FreshRSS version 1.27.0 and previous version 1.28.0, which stems from the fact that the assailant can modify the proxy settings, resulting in a 429 Retry-After response, which may lead to a global refusal to access the subscriber.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
FreshRSS
Published
2025-12-27
Last Modified
2026-02-24
References
https://github.com/FreshRSS/FreshRSS/commit/7d4854a0a4f5665db599f18c34035786465639f3 https://github.com/FreshRSS/FreshRSS/pull/8029 https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-qw34-frg7-gf78 https://access.redhat.com/security/cve/cve-2025-68148
Patch
https://github.com/FreshRSS/FreshRSS/releases
Share on: