CNNVD-202601-4636 Information

CNNVD ID

CNNVD-202601-4636

CVE-2026-24888

  • CNNVD Published: 2026-01-28

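Description (translated from Chinese)

Maker.js is an open-source 2D vector line drawing and shape modeling tool from Microsoft. Maker.js 0.19.1 and earlier contain a security vulnerability caused by a lack of proper validation when the makerjs.extendObject function copies properties from source objects, which may allow inherited or malicious properties to be copied, creating a security risk.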

Description (English)

Maker.js is an open-source 2D vector line drawing and shape modeling tool from Microsoft. Maker.js 0.19.1 and earlier contain a security vulnerability: the makerjs.extendObject function lacks proper validation when copying properties from the source object, which may allow inherited or malicious properties to be copied, posing a security risk.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Microsoft

Published

2026-01-28

Last Modified

2026-02-24

References

  • https://github.com/microsoft/maker.js/blob/98cffa82a372ff942194c925a12a311253587167/packages/maker.js/src/core/maker.ts#L232-L241
  • https://github.com/microsoft/maker.js/commit/85e0f12bd868974b891601a141974f929dec36b8
  • https://github.com/microsoft/maker.js/security/advisories/GHSA-2cp6-34r9-54xx
