CVE-2026-58488 in HedgeDoc정보

요약

\~에 의해 MITRE • 2026. 07. 14.

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Versions prior to 1.11.0 allowed attackers to circumvent the rate-limiting of the /login and /register routes by spoofing IP addresses. HedgeDoc instances checked for CloudFlare's cf-connecting-ip header and used that instead of the users real IP address, if the header was present even when the request did not originate from Cloudflare. This made it possible for an attacker to spam login requests or create multiple arbitrary accounts by sending another cf-connecting-ip header every few requests. The issue has been fixed in version 1.11.0.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

책임이 있는

GitHub M

예약하다

2026. 06. 30.

모더레이션

수락

항목

VDB-378183

EPSS

0.00295

활동

낮음

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!