CNNVD-202601-2988 Information
CNNVD ID
CNNVD-202601-2988
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
Whisper Money是Whisper Money开源的一个个人理财应用程序。 Whisper Money 0.1.5之前版本存在安全漏洞,该漏洞源于不安全的直接对象引用,可能导致用户更新或创建其他用户的银行账户余额。
Description (English)
Whisper Money is a personal finance application for Whisper Money. There was a security loophole in the previous version of Whisper Money 0.1.5 that originated from an unsafe direct reference, which could lead to an update or creation of bank account balances by the user.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Whisper Money
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/whisper-money/whisper-money/commit/80117c3edeaf5c5a5166f3815fc555a15b5ce686 https://github.com/whisper-money/whisper-money/security/advisories/GHSA-c4g3-wpxr-2m74 https://github.com/whisper-money/whisper-money/pull/60 https://access.redhat.com/security/cve/cve-2026-23844
Patch
https://github.com/whisper-money/whisper-money/tags
Share on: