CNNVD-202512-026 Information
CNNVD ID
CNNVD-202512-026
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
mdast-util-to-hast是syntax-tree开源的一个将mdast转化为has的实用程序。 mdast-util-to-hast 13.2.1之前版本存在安全漏洞,该漏洞源于类名处理不当,可能导致渲染问题。
Description (English)
mdast-util-to-hast is a practical program to convert mdast to Has from syntax-tree open source. There was a security loophole in the pre-mdast-util-to-hast version of 13.2.1, which stemmed from mishandling of a class name, which could lead to problems of rendering.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
syntax-tree
Published
2025-12-01
Last Modified
2026-02-24
References
https://github.com/syntax-tree/mdast-util-to-hast/commit/ab3a79570a1afbfa7efef5d4a0cd9b5caafbc5d7 https://github.com/syntax-tree/mdast-util-to-hast/commit/6fc783ae6abdeb798fd5a68e7f3f21411dde7403 https://github.com/syntax-tree/mdast-util-to-hast/security/advisories/GHSA-4fh9-h7wg-q85m https://access.redhat.com/security/cve/cve-2025-66400
Patch
https://github.com/syntax-tree/mdast-util-to-hast/releases
Share on: