Transmission of Private Resources into a New Sphere ('Resource Leak') Affecting stardict package, versions [0,]

Q: How to fix?

There is no fixed version for stardict .

Threat Intelligence

0.07% (22^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-UNMANAGED-STARDICT-12179365
published25 Aug 2025
disclosed4 Aug 2025
creditVincent Lefevre

Report a new vulnerability Found a mistake?

Introduced: 4 Aug 2025

CVE-2025-55014 (opens in a new tab) CWE-402 (opens in a new tab)

How to fix?

There is no fixed version for stardict.

Overview

Affected versions of this package are vulnerable to Transmission of Private Resources into a New Sphere ('Resource Leak') via the YouDao plugin, which transmits X11 selection data to external servers over unencrypted HTTP. An attacker can intercept sensitive information by performing network traffic monitoring.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
Passive

Confidentiality (VC)
Low
Integrity (VI)
None
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None