CNNVD-202512-653 Information
CNNVD ID
CNNVD-202512-653
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Deck是Nextcloud开源的一个看板风格的组织工具。旨在为与 Nextcloud 集成的团队进行个人规划和项目组织。 Deck 1.12.7之前版本、1.14.4之前版本和1.15.1之前版本存在安全漏洞,该漏洞源于文件扩展名可被伪造,可能导致用户下载恶意文件。
Description (English)
Deck is an organizational tool for Nextcloud’s board style. The aim is to carry out personal planning and project organization for teams integrated with NextCloud. Deck 1.12.7 has a security loophole in previous versions, 1.11.4 and 1.15.1, which stems from the forgery of the file extension and may lead to the downloading of malicious documents by users.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Nextcloud
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/deck/commit/afa95d3c507465b9d31af7c88c69b76711ef185a https://github.com/nextcloud/deck/pull/6671 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xjvq-xvr7-xpg6 https://hackerone.com/reports/2326618
Patch
https://apps.nextcloud.com/apps/deck
Share on: