CNNVD-202512-3740 Information

CNNVD ID

CNNVD-202512-3740

Related CVE

CVE-2025-67842

• CNNVD Published: 2025-12-19

Description (Chinese)

Mintlify是美国Mintlify公司的一个AI驱动的文档平台。 Mintlify 2025-11-15之前版本存在安全漏洞，该漏洞源于Static Asset API中subdomain参数未正确验证，可能导致任意Web脚本或HTML注入。

Description (English)

Mintlifty is an AI-driven document platform for Mintlifty in the United States. There is a security loophole in the pre-Mintlifty 2025-11-15 version, which stems from the incorrect verification of subdomain parameters in the Static Assembly API, which may lead to any type of Web script or HTML injection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mintlify

Published

2025-12-19

Last Modified

2026-02-24

References

https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28 https://heartbreak.ing https://kibty.town/blog/mintlify/ https://news.ycombinator.com/item?id=46317098 https://www.mintlify.com/blog/working-with-security-researchers-november-2025 https://www.mintlify.com/docs/changelog https://access.redhat.com/security/cve/cve-2025-67842

Patch

https://www.mintlify.com/