ROOT-APP-NPM-CVE-2025-8101 CVE-2025-8101 in @rootio/linkifyjs - Patched by Root

Root has patched CVE-2025-8101 in the @rootio/linkifyjs package for Root:npm. Multiple fixed versions available...

SUSE CVE-2025-8101

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability in Linkify linkifyjs allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2...

org.webjars.npm:tiptap__extension-link (>=2.0.0-beta.199 <=2.0.0-beta.202) potentially affected by CVE-2025-8101 via org.webjars.npm:linkifyjs (=4.0.0-beta.6)

org.webjars.npm:linkifyjs MAVEN version =4.0.0-beta.6 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:linkifyjs and may be impacted: - org.webjars.npm:tiptapextension-link =2.0.0-beta.199, =2.0.0-beta.202 Source cves: CVE-2025-8101 Sour...

@a.agiir/cinny (>=0.0.1 <=0.0.2), @a1tan/plugin-azure-openai (=0.4.0) +1203 more potentially affected by CVE-2025-8101 via linkifyjs (>=2.1.4 <=4.3.1)

linkifyjs NPM version =2.1.4, =0.0.1, =0.1.0, =0.1.0, =3.0.0, =0.4.1, =2.6.1, =0.1.1, =0.0.2, =0.25.0, =0.43.0 - @ajinkya-harness/backstage-ci-cd-test =0.9.0 - @alican.kuklaci/console-feed =3.5.0 - @alithya-oss/backstage-plugin-amazon-ecs =0.4.8 - @alithya-oss/backstage-plugin-aws-codebuild =0.5....

@a.agiir/cinny (>=0.0.1 <=0.0.2), @a1tan/plugin-azure-openai (=0.4.0) +802 more potentially affected by CVE-2025-8101 via linkifyjs (>=4.0.0-beta.4 <=4.3.1)

linkifyjs NPM version =4.0.0-beta.4, =0.0.1, =0.1.0, =0.1.0, =1.0.0, =0.1.8, =0.1.10 - @alithya-oss/backstage-plugin-rag-ai =1.2.7 - @alithya-oss/backstage-plugin-time-saver =1.4.5 and more Source cves: CVE-2025-8101 Source advisory: SNYK:JS-LINKIFYJS-11502189...

Prototype Pollution

Overview org.webjars.npm:linkifyjs is a Find URLs, email addresses, hashtags and @mentions in plain-text strings, then convert them into HTML links. Affected versions of this package are vulnerable to Prototype Pollution via the internal assign helper due to improper filtering of the proto...

CVE-2025-8101

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability in Linkify linkifyjs allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2...