exploitDog

CVE-2025-66400

Published: Dec 01, 2025
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.

A flaw was found in mdast-util-to-hast. This vulnerability allows rendered user supplied markdown (Markdown) code elements to appear like the rest of the page via character references.

Statement

This vulnerability is rated Moderate for Red Hat products. The mdast-util-to-hast library, in versions 13.0.0 to before 13.2.1, allows unsanitized class attributes in user-supplied markdown. This could enable an attacker to alter the visual presentation of rendered markdown code elements, potentially leading to user interface spoofing.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

Platform | Package | State | Advisory | Release
Gatekeeper 3 | gatekeeper/gatekeeper-rhel9 | Fix deferred | |
Migration Toolkit for Applications 7 | mta/mta-ui-rhel9 | Fix deferred | |
Migration Toolkit for Applications 8 | mta/mta-ui-rhel9 | Fix deferred | |
OpenShift Lightspeed | openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9 | Fix deferred | |
OpenShift Lightspeed | openshift-lightspeed/lightspeed-console-plugin-rhel9 | Fix deferred | |
OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Fix deferred | |
OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel9 | Fix deferred | |
OpenShift Pipelines | openshift-pipelines/pipelines-hub-db-migration-rhel8 | Fix deferred | |
OpenShift Pipelines | openshift-pipelines/pipelines-hub-db-migration-rhel9 | Fix deferred | |
OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Fix deferred | |

Additional information

Status:

Moderate
Defect:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2418157
mdast-util-to-hast: Markdown code elements can appear as regular page content

EPSS

Percentile: 26%
0.00093
Low

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
nvd
4 months ago

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.

CVSS3: 5.3
github
4 months ago

mdast-util-to-hast has unsanitized class attribute
