8 matches found
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
@askinozgur/do-markdownit-cli (>=0.0.1 <=0.6.0) potentially affected by CVE-2025-59717 via @digitalocean/do-markdownit (=1.17.2)
@digitalocean/do-markdownit NPM version =1.17.2 is affected by a known vulnerability. The following packages have a transitive dependency on @digitalocean/do-markdownit and may be impacted: - @askinozgur/do-markdownit-cli =0.0.1, =0.6.0 Source cves: CVE-2025-59717 Source advisory:...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview @digitalocean/do-markdownit is a Markdown-It plugin for the DigitalOcean Community. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the callout and fenceenvironment plugins when allowedClasses or allowedEnvironments is...
GHSA-2H8J-8R9P-849F @digitalocean/do-markdownit has Type Confusion vulnerability
Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...
@digitalocean/do-markdownit has Type Confusion vulnerability
Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...
do-markdownit 安全漏洞
do-markdownit is an open source plugin from DigitalOcean. A security vulnerability exists in do-markdownit 1.16.1 and earlier versions, which stems from the callout and fenceenvironment plugins performing .includes substring matching on allowedClasses or allowedEnvironments, which could lead to a...
CVE-2025-59717
The CVE concerns the @digitalocean/do-markdownit package (through v1.16.1). The callout and fence_environment plugins treat allowedClasses/allowedEnvironments as strings by using a substring check, instead of requiring an array. This leads to a type confusion-like behavior and potential bypass of...
PT-2025-38507
Name of the Vulnerable Software and Affected Versions @digitalocean/do-markdownit versions through 1.16.1 Description The callout and fence environment plugins in the @digitalocean/do-markdownit package perform .includes substring matching if allowedClasses or allowedEnvironments is a string...