CNNVD-202601-010 Information

CNNVD ID

CNNVD-202601-010

CVE-2025-68619

  • CNNVD Published: 2026-01-01

Description

Signal K Server is an open-source central server for boats, developed by Signal K. Versions of Signal K Server before 2.19.0 contain a code injection vulnerability: the appstore interface passes the version parameter directly to npm without sanitizing it, which can lead to arbitrary code execution.

Hazard Level

Medium

Vulnerability Type

Code injection

Affected Vendor

Signal K

Published

2026-01-01

Last Modified

2026-02-24

References

https://github.com/SignalK/signalk-server/releases/tag/v2.19.0

https://github.com/SignalK/signalk-server/security/advisories/GHSA-93jc-vqqc-vvvh

Patch

https://github.com/SignalK/signalk-server/releases
