CNNVD-202601-3190 Information

CNNVD ID

CNNVD-202601-3190

CVE-2025-66803

  • CNNVD Published: 2026-01-20

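Description (translated from Chinese)

Turbo is an open-source code development tool from Hotwire. Versions of Turbo before 8.0.x contain a security vulnerability caused by a race condition in the turbo-frame element handler, which may cause logout operations to fail and session cookies to be re-applied after logout.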

Description (English)

Turbo is an open-source code development tool from Hotwire. Turbo versions before 8.0.x contain a security vulnerability that stems from a race condition in the turbo-frame element handler, which can cause logout operations to fail and the session cookie to be re-applied after logout.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Hotwire

Published

2026-01-20

Last Modified

2026-02-24

References

  • https://github.com/hotwired/turbo/pull/1399
  • https://github.com/hotwired/turbo/security/advisories/GHSA-qppm-g56g-fpvp
  • https://turbo.hotwired.dev/handbook/frames
  • https://access.redhat.com/security/cve/cve-2025-66803

Patch

https://github.com/hotwired/turbo/releases
