CNNVD-202601-1745 Information

CNNVD ID

CNNVD-202601-1745

Related CVE

CVE-2026-22685

• CNNVD Published: 2026-01-10

Description (Chinese)

DevToys是DevToys开源的一个开发者工具包。 DevToys 2.0.0.0版本至2.0.9.0之前版本存在路径遍历漏洞，该漏洞源于扩展安装机制路径验证不足，可能导致任意文件覆盖和代码执行。

Description (English)

DevToys is an open source DevToys development toolkit. DevToys 2.0.0 to 2.0.9.0 had a loophole in the path, which stemmed from the inadequate verification of the path of the extended installation mechanism, which could lead to any file overlay and code execution.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

DevToys

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/DevToys-app/DevToys/commit/02fb7d46d9c663a4ee6ed968baa6a8810405047f https://github.com/DevToys-app/DevToys/pull/1643 https://github.com/DevToys-app/DevToys/security/advisories/GHSA-ggxr-h6fm-p2qh

Patch

https://devtoys.app/download