CNNVD-202601-004 Information

CNNVD ID

CNNVD-202601-004

CVE-2025-15414

  • CNNVD Published: 2026-01-01

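Description (translated from Chinese)

Sonic is a high-performance blog system developed in Golang and open-sourced by go-sonic. Sonic 1.1.4 and earlier contain a code issue vulnerability that stems from improper handling of the uri parameter by the FetchTheme function in the Theme Fetching API component file service/theme/git_fetcher.go, which may lead to server-side request forgery.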

Description (English)

Sonic is a high-performance blog system developed in Golang by go-sonic. Sonic 1.1.4 and earlier versions have a code issue vulnerability, which stems from the FetchTheme function in the Theme Fetching API component file service/theme/git_fetcher.go mishandling the uri parameter, and which could result in server-side request forgery.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

go-sonic

Published

2026-01-01

Last Modified

2026-02-24

References

  • https://vuldb.com/?id.339335
  • https://note-hxlab.wetolink.com/share/SeCdFaAVlHAJ
  • https://vuldb.com/?ctiid.339335
  • https://vuldb.com/?submit.719789
  • https://note-hxlab.wetolink.com/share/SeCdFaAVlHAJ#-span–strong-proof-of-concept—strong—span-
  • https://access.redhat.com/security/cve/cve-2025-15414
