本ページは osc open_ondemand に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-26002 | Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible. | [email protected] | 6.3 | 0.53% | 2026-03-04 | 2026-06-17 |
| CVE-2025-66029 | Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to it. Maintainers anticipate a patch in a 4.1 release. Workarounds exist for 4.0.x versions. Using `custom_location_directives` in `ood_portal.yml` in version 4.0.x (not available for versions below 4.0) c | [email protected] | 7.6 | 0.17% | 2025-12-17 | 2026-06-17 |
| CVE-2020-36247 | Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | [email protected] | 8.8 | 0.43% | 2021-02-19 | 2026-06-16 |