CNNVD-202508-803 Information
Aug 09, 2025
cve
CNNVD ID
CNNVD-202508-803
Related CVE
- CNNVD Published: 2025-08-09
Description (Chinese)
Fedify是Hong Minhee个人开发者的一个 TypeScript 库。用于构建由 ActivityPub 和其他标准支持的联邦服务器应用程序。 Fedify存在安全漏洞,该漏洞源于身份验证绕过,可能导致任意ActivityPub角色冒充。
Description (English)
Fedify is a TypeScript library of Hong Minhee personal developers. A federal server application supported by ActivityPub and other standards. There is a security loophole in Fedify, which stems from the circumvention of the identification, which could lead to the impersonation of an arbitrary ActivityPub role.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-08-09
Last Modified
2026-02-24
References
https://github.com/fedify-dev/fedify/commit/226d9b84dbec52172a70138bba8861454afde42b https://github.com/fedify-dev/fedify/security/advisories/GHSA-6jcc-xgcr-q3h4 https://access.redhat.com/security/cve/cve-2025-54888
Patch
https://github.com/fedify-dev/fedify/releases
Share on: