CNNVD-202601-5024 Information

CNNVD ID

CNNVD-202601-5024

Related CVE

CVE-2026-25050

• CNNVD Published: 2026-01-30

Description (Chinese)

Vendure是Vendure开源的一个电子商务框架。 Vendure 3.5.3之前版本存在安全漏洞，该漏洞源于NativeAuthenticationStrategy.authenticate方法存在时间差，可能导致用户名枚举攻击。

Description (English)

Vendure is an e-commerce framework for Vendure open sources. There was a security gap in the previous version of Vendure 3.5.3, which stemmed from the time lag of the NativeAuthentationStrategy.authentity method, which could lead to an attack by a user name.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Vendure

Published

2026-01-30

Last Modified

2026-02-24

References

https://github.com/vendurehq/vendure/releases/tag/v3.5.3 https://github.com/vendurehq/vendure/security/advisories/GHSA-6f65-4fv2-wwch https://access.redhat.com/security/cve/cve-2026-25050

Patch

https://github.com/vendurehq/vendure/releases