CNNVD-202601-4008 Information

CNNVD ID

CNNVD-202601-4008

Related CVE

CVE-2025-67124

• CNNVD Published: 2026-01-23

Description (Chinese)

miniserve是Sven-Hendrik Haase个人开发者的一个命令行工具。 miniserve 0.32.0版本存在安全漏洞，该漏洞源于上传完成时存在TOCTOU和符号链接竞争，可能导致覆盖预期上传/文档根目录之外的文件。

Description (English)

Miniserve is a command line tool for Sven-Hendrik Haase personal developers. There is a security loophole in version 0.32.0 of mineserve, which stems from the TOCTOU and symbol link competition at the time of upload completion, which may result in overleafing documents outside the intended upload/document root directory.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-23

Last Modified

2026-02-24

References

https://github.com/svenstaro/miniserve https://gist.github.com/thesmartshadow/55688f87f8b985eb530e07d00ef8c63f https://access.redhat.com/security/cve/cve-2025-67124