CNNVD-202601-833 Information

CNNVD ID

CNNVD-202601-833

Related CVE

CVE-2025-64419

• CNNVD Published: 2026-01-05

Description (Chinese)

Coolify是coolLabs开源的一个开源和自托管的 Heroku/Netlify/Vercel 替代品。 Coolify 4.0.0-beta.445之前版本存在命令注入漏洞，该漏洞源于docker-compose.yaml参数清理不当，可能导致命令执行。

Description (English)

Coolify is an open-source and self-hosted Heroku/Netlift/Vercel alternative to the coolLabs open source. The previous version of Coolify 4.0.0-beta.445 had an order-injecting loophole, which stemmed from the inappropriate clean-up of the docker-compose.yaml parameters, which could lead to the order being executed.

Hazard Level

Low

Vulnerability Type

命令注入

Affected Vendor

coolLabs

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/coollabsio/coolify/commit/f86ccfaa9af572a5487da8ea46b0a125a4854cf6 https://github.com/coollabsio/coolify/security/advisories/GHSA-234r-xrrg-m8f3

Patch

https://github.com/coollabsio/coolify/releases