CNNVD-202512-631 Information
Dec 05, 2025
CNNVD ID
CNNVD-202512-631
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
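HedgeDoc is a JavaScript-based platform from the HedgeDoc team for real-time editing and sharing of Markdown documents. Versions of HedgeDoc before 1.10.4 contain a cross-site request forgery vulnerability, which stems from missing CSRF protection on the OAuth2 endpoint and may lead to cross-site request forgery attacks.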
Description (English)
HedgeDoc is a JavaScript-based real-time editing and sharing platform for Markdown documents, developed by the HedgeDoc team. Versions of HedgeDoc before 1.10.4 contain a cross-site request forgery (CSRF) vulnerability, which stems from the lack of CSRF protection on the OAuth2 endpoint and could lead to cross-site request forgery attacks.
Hazard Level
Critical
Vulnerability Type
Cross-site request forgery
Affected Vendor
HedgeDoc
Published
2025-12-05
Last Modified
2026-02-24
References
- https://github.com/hedgedoc/hedgedoc/commit/35f36fccba941ed8029ee222f7d2a5df17b42e2b
- https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6wm6-3vpq-6qvv
- https://access.redhat.com/security/cve/cve-2025-66629
Patch
https://hedgedoc.org/releases/1.10.5/