2 matches found
CVE-2025-12613
Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...
1batch (=1.0.0), 47pages-keystone (>=0.0.1 <=0.0.5) +810 more potentially affected by CVE-2025-12613 via cloudinary (>=1.0.13 <=2.6.1)
cloudinary NPM version =1.0.13, =0.0.1, =1.0.2, =1.1.0, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.0.28, =0.0.3, =3.7.0, =3.19.3 and more Source cves: CVE-2025-12613 Source advisory: OSV:GHSA-G4MF-96X5-5M2C...