CNNVD-202509-3044 Information

Sep 19, 2025 cve

CNNVD ID

CNNVD-202509-3044

CVE-2025-59717

CNNVD Published: 2025-09-19

Description (Chinese)

do-markdownit是DigitalOcean开源的一个插件。 do-markdownit 1.16.1及之前版本存在安全漏洞，该漏洞源于callout和fence_environment插件对allowedClasses或allowedEnvironments执行.includes子字符串匹配，可能导致安全绕过。

Description (English)

Do-markdownit is an open-source plugin for DigitalOcean. There is a security loophole in the do-markdownit 1.16.1 and earlier versions, which stems from the fact that the callout and fence environment plugins match the alllowedClasses or allowedEnvironments.includs substrings that may lead to a safe bypass.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Dígitro

Published

2025-09-19

Last Modified

2026-02-24

References

https://gist.github.com/thesmartshadow/dd19665f1f51a4e3c7a766e70c9eafd0 https://github.com/digitalocean/do-markdownit https://www.npmjs.com/package/@digitalocean/do-markdownit https://access.redhat.com/security/cve/cve-2025-59717

Share on: