CVE-2025-1007
Essential information
- Published
- 19/02/2025 09:15
- Modified
- 19/02/2025 09:15
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
In OpenVSX version v0.9.0 to v0.20.0, the
/user/namespace/{namespace}/details API allows a user to edit all
namespace details, even if the user is not a namespace Owner or
Contributor. The details include: name, description, website, support
link and social media links. The same issues existed in
/user/namespace/{namespace}/details/logo and allowed a user to change
the logo.
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD