
9 matches found

RedhatCVE
added 2026/01/09 9:18 a.m. | 2 views

CVE-2025-23221

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security...

CVSS 5.4 | AI score 6.7 | EPSS 0.00111
Exploits: 0 | References: 1
vulnersOsv
added 2025/12/22 9:36 p.m. | 2 views

@fedify/botkit (>=0.3.0-dev.125 <=0.3.0-dev.131) potentially affected by CVE-2025-68475 via @fedify/fedify (=1.8.1-dev.1262)

@fedify/fedify NPM version =1.8.1-dev.1262 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.3.0-dev.125, =0.3.0-dev.131 Source cves: CVE-2025-68475 Source advisory: OSV:GHSA-RCHF-XWX2-HM93...

CVSS 7.5 | AI score 5.8 | EPSS 0.0044
Exploits: 1
vulnersOsv
added 2025/12/22 9:36 p.m. | 3 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.12) +6 more potentially affected by CVE-2025-68475 via @fedify/fedify (>=0.10.2 <=1.5.0)

@fedify/fedify NPM version =0.10.2, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2025-68475 Source advisory: OSV:GHSA-RCHF-XWX2-HM93...

CVSS 7.5 | AI score 5.8 | EPSS 0.0044
Exploits: 1
CNNVD
added 2025/12/22 12:0 a.m. | 1 views

Fedify Security Vulnerability

Fedify is a TypeScript library by the individual developer Hong Minhee. It is used to build federated server applications supported by ActivityPub and other standards. A security vulnerability exists in Fedify versions prior to 1.6.13, 1.7.14, 1.8.15, and 1.9.2, which stems from a regular...

CVSS 7.5 | AI score 6.3 | EPSS 0.0044
Exploits: 1 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-2391

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.4 | EPSS 0.00078
Exploits: 0 | References: 6
OSV
added 2025/08/09 1:31 a.m. | 4 views

CVE-2025-54888 @fedify/fedify: Improper Authentication and Incorrect Authorization

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...

CVSS 8.7 | AI score 6.8 | EPSS 0.00095
Exploits: 0 | References: 4
Vulnrichment
added 2025/08/09 1:31 a.m. | 2 views

CVE-2025-54888 @fedify/fedify: Improper Authentication and Incorrect Authorization

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...

CVSS 8.7 | AI score 7.4 | EPSS 0.00095
Exploits: 0 | References: 2
CVE
added 2025/01/20 4:49 p.m. | 58 views

CVE-2025-23221

Summary: CVE-2025-23221 affects Fedify’s Webfinger handling, enabling an attacker to abuse lookupWebFinger to trigger an endless redirect loop and potential Blind SSRF, leading to Denial of Service. Multiple sources (Red Hat, NVD/NVD-like entries, OSV, GHSA advisories, Veracode) describe the issu...

CVSS 5.4 | AI score 5.5 | EPSS 0.00111
Exploits: 0 | References: 4
OSV
added 2025/01/20 4:49 p.m. | 5 views

CVE-2025-23221 Fedify has an Infinite loop and Blind SSRF found inside the Webfinger mechanism

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security...

CVSS 5.4 | AI score 6.5 | EPSS 0.00111
Exploits: 0 | References: 6