CNNVD-202601-3002 Information
CNNVD ID
CNNVD-202601-3002
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
HotCRP Conference Review Software是Eddie Kohler个人开发者的一个软件。用于管理评审过程,尤其是学术会议。 HotCRP Conference Review Software存在安全漏洞,该漏洞源于文档API存在缺陷,可能导致至少提交过一次论文的作者下载与任何提交相关的任何文档。
Description (English)
HotCRP Conference Review Software is a software for Eddie Kohler’s personal developer. To manage the evaluation process, particularly academic meetings. There is a security loophole in HotCRP Conference Review Software, which stems from the deficiencies in the API document and may result in any document related to any submission being downloaded by the authors who have submitted at least one paper.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/kohler/hotcrp/commit/aa20ef288828b04550950cf67c831af8a525f508 https://github.com/kohler/hotcrp/security/advisories/GHSA-vh3x-xwj4-jvqx https://github.com/kohler/hotcrp/commit/ceacd5f1476458792c44c6a993670f02c984b4a0 https://access.redhat.com/security/cve/cve-2026-23878
Patch
https://github.com/kohler/hotcrp/tags
Share on: