Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PdfDing: Shared PDF Expiration, Max Views, and Deletion Bypass via Serve/Download Endpoints
Vulnerability Description
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, check_shared_access_allowed() validates only session existence — it does not check SharedPdf.inactive (expiration / max views) or SharedPdf.deleted. The Serve and Download endpoints rely solely on this function, allowing previously-authorized users to access shared PDF content after expiration, view limit, or soft-deletion. This issue has been patched in version 1.7.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
PdfDing 安全漏洞
Vulnerability Description
PdfDing是mrmn个人开发者的一个自托管的PDF管理、查看和编辑工具。 PdfDing 1.7.1之前版本存在安全漏洞,该漏洞源于共享访问验证不充分,可能导致已授权用户在过期、达到查看限制或软删除后仍能访问共享PDF内容。
CVSS Information
N/A
Vulnerability Type
N/A