CNNVD-202602-444 Information

CNNVD ID

CNNVD-202602-444

CVE-2025-65017

  • CNNVD Published: 2026-02-03

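Description (Chinese, translated)

Decidim is an open-source participatory democracy framework from Decidim, written in Ruby on Rails. Decidim versions 0.30.0 up to but not including 0.30.4, and 0.31.0.rc1 up to but not including 0.31.0, contain a security vulnerability caused by a UUID collision in the private data export feature, which may lead to data disclosure.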

Description (English)

Decidim is a participatory democracy framework, written in Ruby on Rails. Decidim versions 0.30.0 to before 0.30.4 and 0.31.0.rc1 to before 0.31.0 contain a security vulnerability that stems from a UUID collision in the private data export function and may lead to data leakage.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Decidim

Published

2026-02-03

Last Modified

2026-02-24

References

  • https://github.com/decidim/decidim/security/advisories/GHSA-3cx6-j9j4-54mp
  • https://github.com/decidim/decidim/pull/13571
  • https://github.com/decidim/decidim/releases/tag/v0.30.4
  • https://github.com/decidim/decidim/releases/tag/v0.31.0
  • https://access.redhat.com/security/cve/cve-2025-65017

Patch

https://decidim.org/
