CNNVD-202602-334 Information

CNNVD ID

CNNVD-202602-334

CVE-2025-70849

  • CNNVD Published: 2026-02-03

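Description (translated from Chinese)

podinfo is a Kubernetes microservice template by individual developer Stefan Prodan. podinfo 6.9.0 and earlier versions contain a security vulnerability. The vulnerability arises because an unauthenticated attacker can upload arbitrary files via a specially crafted POST request, and the application lacks a restrictive Content Security Policy or adequate content-type validation when rendering uploaded content, which may lead to a stored cross-site scripting attack.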

Description (English)

Podinfo is a microservice template for Kubernetes maintained by Stefan Prodan, an individual developer. Podinfo 6.9.0 and earlier are vulnerable: an unauthenticated attacker can upload an arbitrary file with a crafted POST request, and because the application renders uploaded content without a restrictive Content Security Policy or sufficient content-type validation, this may result in stored cross-site scripting (XSS).

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-03

Last Modified

2026-02-24

References

https://gist.github.com/kazisabu/27f3e272f474005001a9ecd2c258dbea
