Cloudinary
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:cloudinary:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Cloudinary (2cd8e056-d4a8-5904-bedb-c27be9df5018) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-12613 |
vulnerable | 2026-06-08 07:04:30.521716 |
Details available
HIGH (8.6)
Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing security checks, altering data, or manipulating the application's behavior.
**Note:**
Following our established security policy, we attempted to contact the maintainer regarding this vulnerability, but haven't received a response.
Published: 2025-11-10T05:00:08.814Z
Updated: 2025-11-10T16:00:21.663Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.