Lucene search
K

94 matches found

CNNVD
CNNVD
added 2025/12/22 12:0 a.m.4 views

Fedify 安全漏洞

Fedify is a TypeScript library by the individual developer Hong Minhee. It is used to build federated server applications supported by ActivityPub and other standards. A security vulnerability exists in Fedify versions prior to 1.6.13, 1.7.14, 1.8.15, and 1.9.2, which stems from a regular...

7.5CVSS6.3AI score0.00481EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.7 views

PT-2025-52723

Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.6.13 Fedify versions prior to 1.7.14 Fedify versions prior to 1.8.15 Fedify versions prior to 1.9.2 Description Fedify is a TypeScript library used for building federated server applications based on ActivityPub. A...

7.5CVSS6.5AI score0.00481EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24039

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00707EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2391

Malicious code in bioql PyPI...

7.2CVSS6.4AI score0.006EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/11 2:30 a.m.11 views

CVE-2025-54888

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...

8.7CVSS7.1AI score0.00707EPSS
Exploits0References1
NVD
NVD
added 2025/08/09 2:15 a.m.6 views

CVE-2025-54888

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...

8.7CVSS0.00707EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/08/09 1:46 a.m.7 views

@fedify/botkit (>=0.3.0-dev.125 <=0.3.0-dev.131) potentially affected by CVE-2025-54888 via @fedify/fedify (=1.8.1-dev.1262)

@fedify/fedify NPM version =1.8.1-dev.1262 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.3.0-dev.125, =0.3.0-dev.131 Source cves: CVE-2025-54888 Source advisory: SNYK:JS-FEDIFYFEDIFY-11735306...

8.7CVSS5.8AI score0.00707EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/09 1:46 a.m.7 views

@fedify/amqp (=0.2.0-dev.12), @fedify/postgres (>=0.3.0 <=0.3.0-dev.22) +1 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=1.5.0-dev.732 <=1.5.0)

@fedify/fedify NPM version =1.5.0-dev.732, =0.3.0, =0.4.0, =0.4.0-dev.19 Source cves: CVE-2025-54888 Source advisory: SNYK:JS-FEDIFYFEDIFY-11735306...

8.7CVSS5.8AI score0.00707EPSS
Exploits0
Snyk
Snyk
added 2025/08/09 1:46 a.m.3 views

Improper Authentication

Overview @fedify/fedify is an An ActivityPub server framework Affected versions of this package are vulnerable to Improper Authentication via the handleInboxInternal function in the federation/handler.ts file. An attacker can impersonate any actor across all instances by sending forged activities...

8.7CVSS6.9AI score0.00707EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/09 1:31 a.m.3 views

CVE-2025-54888 @fedify/fedify: Improper Authentication and Incorrect Authorization

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...

8.7CVSS7.4AI score0.00707EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/09 1:31 a.m.10 views

CVE-2025-54888 @fedify/fedify: Improper Authentication and Incorrect Authorization

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...

8.7CVSS0.00707EPSS
Exploits0References2
CVE
CVE
added 2025/08/09 1:31 a.m.33 views

CVE-2025-54888

Fedify vulnerability CVE-2025-54888 is an authentication bypass in handleInboxInternal that lets an attacker impersonate any ActivityPub actor by sending forged activities signed with their own keys. The flaw processes an activity before verifying the signer’s ownership of the actor, enabling imp...

8.7CVSS7AI score0.00707EPSS
Exploits0References2
OSV
OSV
added 2025/08/09 1:31 a.m.7 views

CVE-2025-54888 @fedify/fedify: Improper Authentication and Incorrect Authorization

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...

8.7CVSS6.8AI score0.00707EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/09 12:0 a.m.3 views

Fedify 安全漏洞

Fedify is a TypeScript library by the individual developer Hong Minhee. It is used to build federated server applications supported by ActivityPub and other standards. A security vulnerability exists in Fedify that stems from an authentication bypass that could lead to arbitrary ActivityPub role...

8.7CVSS6.7AI score0.00707EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/08/08 2:29 p.m.5 views

@fedify/amqp (=0.2.0-dev.12), @fedify/postgres (>=0.3.0 <=0.3.0-dev.22) +1 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=1.5.0-dev.732 <=1.5.0)

@fedify/fedify NPM version =1.5.0-dev.732, =0.3.0, =0.4.0, =0.4.0-dev.19 Source cves: CVE-2025-54888 Source advisory: OSV:GHSA-6JCC-XGCR-Q3H4...

8.7CVSS5.8AI score0.00707EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/08 2:29 p.m.6 views

@fedify/botkit (>=0.3.0-dev.125 <=0.3.0-dev.131) potentially affected by CVE-2025-54888 via @fedify/fedify (=1.8.1-dev.1262)

@fedify/fedify NPM version =1.8.1-dev.1262 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.3.0-dev.125, =0.3.0-dev.131 Source cves: CVE-2025-54888 Source advisory: OSV:GHSA-6JCC-XGCR-Q3H4...

8.7CVSS5.8AI score0.00707EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/08 2:29 p.m.8 views

@fedify/fedify has Improper Authentication and Incorrect Authorization

Summary An authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are processed before verifying the signing key belongs to the claimed actor, enabling complete actor...

8.7CVSS6.7AI score0.00707EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/07/17 12:0 a.m.4 views

Hollo 安全漏洞

Hollo is a micro-blogging software from Fedify Open Source. A security vulnerability exists in versions of Hollo prior to 0.6.5 that stems from allowing submission of HTML form elements, which may result in HTML injection...

6.1CVSS6.5AI score0.00227EPSS
Exploits0References3
Veracode
Veracode
added 2025/01/28 4:20 a.m.6 views

Server-Side Request Forgery (SSRF)

Fedify is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the Webfinger mechanism, allowing attackers to perform GET requests to internal resources, cause denial of service via infinite loops, or execute blind SSRF attacks...

5.4CVSS7AI score0.00572EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/01/21 7:58 p.m.5 views

GHSA-C59P-WQ67-24WX Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify

Summary This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover,...

5.4CVSS5.7AI score0.00572EPSS
Exploits0References6
Rows per page
Query Builder