CNNVD-202512-3907 Information

CNNVD ID

CNNVD-202512-3907

CVE-2025-68475

  • CNNVD Published: 2025-12-22

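Description (translated from Chinese)

Fedify is a TypeScript library by individual developer Hong Minhee, used to build federated server applications powered by ActivityPub and other standards. Fedify versions before 1.6.13, before 1.7.14, before 1.8.15, and before 1.9.2 contain a security vulnerability that stems from a regular expression denial of service (ReDoS) issue in the regular expression used for HTML parsing.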

Description (English)

Fedify is a TypeScript library by individual developer Hong Minhee for building federated server applications powered by ActivityPub and other standards. Fedify versions before 1.6.13, before 1.7.14, before 1.8.15, and before 1.9.2 contain a security vulnerability that stems from a regular expression denial of service (ReDoS) issue in the regular expression used for HTML parsing.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-12-22

Last Modified

2026-02-24

References

  • https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93
  • https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779
  • https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a
  • https://github.com/fedify-dev/fedify/releases/tag/1.9.2
  • https://github.com/fedify-dev/fedify/releases/tag/1.6.13
  • https://github.com/fedify-dev/fedify/releases/tag/1.7.14
  • https://github.com/fedify-dev/fedify/releases/tag/1.8.15
  • https://access.redhat.com/security/cve/cve-2025-68475

Patch

https://github.com/fedify-dev/fedify/releases
