CNNVD-202512-663 Information
CNNVD ID
CNNVD-202512-663
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Nextcloud Calendar是Nextcloud开源的一个日历应用程序。 Nextcloud Calendar 4.7.17之前版本和5.2.4之前版本存在安全漏洞,该漏洞源于恶意用户可创建特制附件,可能导致文件被自动下载。
Description (English)
Nextcloud Calendar is a calendar application from the Nextcloud open source. Nextcloud Calendar 4.7.17 and 5.2.4 had a security loophole, which stemmed from the fact that malicious users could create specially designed attachments that could lead to automatic downloading of documents.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Nextcloud
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/calendar/commit/63a6c398db01391eb9fd5297a0d4c3d6e614f769 https://github.com/nextcloud/calendar/pull/6971 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f29c-ppmv-8mcv https://hackerone.com/reports/3112033
Patch
https://apps.nextcloud.com/apps/calendar
Share on: