CNNVD-202602-1892 Information

CNNVD ID

CNNVD-202602-1892

CVE-2025-69871

  • CNNVD Published: 2026-02-11

Description (Chinese)

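Medusa is an open-source automatic video library manager for TV shows from pyMedusa. Medusa 2.12.2 and earlier versions contain a security vulnerability that stems from a race condition in the registerUsage function of the promotion module, which may allow an unauthenticated remote attacker to bypass usage limits.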

Description (English)

Medusa is an automated video library manager for TV shows, open-sourced by pyMedusa. Versions 2.12.2 and earlier are affected by a race condition in the registerUsage function of the promotion module, which could let unauthenticated remote attackers bypass usage limits.

Vulnerability Type

Other

Affected Vendor

pyMedusa

Published

2026-02-11

Last Modified

2026-02-24

References

  • https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69871-MedusaJS-TOCTOU.md
  • https://github.com/medusajs/medusa
  • https://github.com/medusajs/medusa/pull/13760

Patch

https://github.com/medusajs/medusa/releases
