CNNVD-202602-1271 Information
CNNVD ID
CNNVD-202602-1271
Related CVE
- CNNVD Published: 2026-02-09
Description (Chinese)
Hollo是Fedify开源的一个微型博客软件。 Hollo 0.6.20之前版本和0.7.2之前版本存在安全漏洞,该漏洞源于私信和仅限关注者可见的帖子通过ActivityPub发件箱端点暴露,可能导致信息泄露。
Description (English)
Hollo is a microblogging software for Fedify. Prior to Hollo 0.6.20 and before 0.7.2, there was a security loophole, which stemmed from private correspondence and visible messages for those of concern only, exposed through the endpoint of the ActivityPub outbox, which could lead to the disclosure of information.
Vulnerability Type
其他
Affected Vendor
Fedify
Published
2026-02-09
Last Modified
2026-02-24
References
https://github.com/fedify-dev/hollo/commit/329969c502ef092d5c3f9c2c20421c34f4ff0f0e https://github.com/fedify-dev/hollo/releases/tag/0.6.20 https://github.com/fedify-dev/hollo/releases/tag/0.7.2 https://github.com/fedify-dev/hollo/security/advisories/GHSA-6r2w-3pcj-v4v5
Patch
https://github.com/fedify-dev/hollo/releases
Share on: