CNNVD-202601-1801 Information
CNNVD ID
CNNVD-202601-1801
Related CVE
-
CNNVD Published: 2026-01-12
Description
Appsmith is an open-source platform from Appsmith for building, deploying and maintaining internal applications. Versions of Appsmith before 1.93 have an access control error vulnerability: the server uses the Origin value from the request header as the baseUrl of e-mail links without validating it, which can lead to disclosure of authentication tokens and possibly to account takeover.
Hazard Level
Low
Vulnerability Type
Access control error
Affected Vendor
Appsmith
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/appsmithorg/appsmith/commit/6f9ee6226bac13fb4b836940b557913fff78b633
https://github.com/appsmithorg/appsmith/security/advisories/GHSA-7hf5-mc28-xmcv
Patch
https://github.com/appsmithorg/appsmith/releases