https://blog.qife122.com/tags/%E9%92%A9%E5%AD%90%E6%89%A7%E8%A1%8C/ Recent content in 钩子执行 on 办公AI智能小助手 Hugo zh-cn qife Sun, 04 Jan 2026 01:55:12 +0800 https://blog.qife122.com/p/ash%E6%A1%86%E6%9E%B6%E6%8E%88%E6%9D%83%E6%BC%8F%E6%B4%9E%E8%B0%83%E7%94%A8%E9%92%A9%E5%AD%90%E9%A1%BA%E5%BA%8F%E5%BC%82%E5%B8%B8%E5%AF%BC%E8%87%B4%E7%9A%84%E5%AE%89%E5%85%A8%E9%A3%8E%E9%99%A9%E8%A7%A3%E6%9E%90/ Sun, 04 Jan 2026 01:55:12 +0800 https://blog.qife122.com/p/ash%E6%A1%86%E6%9E%B6%E6%8E%88%E6%9D%83%E6%BC%8F%E6%B4%9E%E8%B0%83%E7%94%A8%E9%92%A9%E5%AD%90%E9%A1%BA%E5%BA%8F%E5%BC%82%E5%B8%B8%E5%AF%BC%E8%87%B4%E7%9A%84%E5%AE%89%E5%85%A8%E9%A3%8E%E9%99%A9%E8%A7%A3%E6%9E%90/ <h1 id="安全漏洞技术分析cve-2025-48042">安全漏洞技术分析：CVE-2025-48042</h1> <h2 id="漏洞概述">漏洞概述</h2> <p>CVE-2025-48042是一个存在于ash-project的Ash框架中的<strong>授权绕过类漏洞</strong>，被归类为&quot;<strong>不正确的授权</strong>&quot;（CWE-863）。该漏洞影响版本为<strong>3.5.38及以下</strong>的所有Ash框架，已通过版本<strong>3.5.39</strong>修复。</p>