Back to search
CVE-2025-1007
Published: Feb 19, 2025
Modified: Feb 19, 2025
PUBLISHED
Description
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo.
| Vendor | Product | Versions |
|---|---|---|
Eclipse Foundation | OpenVSX | affected 0.9.0 - <= 0.20.0unaffected 0.19.1 |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now