Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2025/09/21 12:11 a.m.32 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

5.4CVSS6.7AI score0.00361EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/09/19 6:31 a.m.8 views

@digitalocean/do-markdownit has Type Confusion vulnerability

Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...

9.8CVSS6.7AI score0.00361EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/09/19 4:16 a.m.4 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

9.8CVSS0.00361EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/09/19 12:0 a.m.9 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

5.4CVSS0.00361EPSS
Exploits1References3
OSV
OSV
added 2025/09/19 12:0 a.m.5 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

5.4CVSS6.8AI score0.00361EPSS
Exploits1References5
CVE
CVE
added 2025/09/19 12:0 a.m.21 views

CVE-2025-59717

The CVE concerns the @digitalocean/do-markdownit package (through v1.16.1). The callout and fence_environment plugins treat allowedClasses/allowedEnvironments as strings by using a substring check, instead of requiring an array. This leads to a type confusion-like behavior and potential bypass of...

9.8CVSS6.5AI score0.00361EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.10 views

PT-2025-38507

Name of the Vulnerable Software and Affected Versions @digitalocean/do-markdownit versions through 1.16.1 Description The callout and fence environment plugins in the @digitalocean/do-markdownit package perform .includes substring matching if allowedClasses or allowedEnvironments is a string...

9.8CVSS6.4AI score0.00361EPSS
Exploits1References12
Github Security Blog
Github Security Blog
added 2025/08/20 3:31 p.m.11 views

elysia-cors Origin Validation Error

An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing CORS restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...

6.5CVSS7.1AI score0.00442EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.6 views

Suse Check_smart 输入验证错误漏洞

Suse Checksmart is a monitoring plugin from Suse Luxembourg. It is used to monitor the value of the Smart Self-Monitoring, Analysis and Reporting Technology attribute of hard and solid state drives in the background using Smartmontool's Smartctl. A security vulnerability exists in versions of...

7.1CVSS7.1AI score0.00377EPSS
Exploits1References5
Rows per page
Query Builder