Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-8101

Опубликовано: 25 июл. 2025
Источник: redhat
CVSS3: 8.6

Описание

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.

A prototype pollution vulnerability was found in Linkify. This vulnerability allows an attacker to inject HTML attributes and manipulate user-controlled variables.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Serverlessopenshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8Not affected
Red Hat Developer Hubrhdh/rhdh-hub-rhel9Not affected
Red Hat Developer Hubrhdh/rhdh-rhel9-operatorNot affected

Показывать по

Дополнительная информация

Статус:

Important
Дефект:
CWE-1321
https://bugzilla.redhat.com/show_bug.cgi?id=2383589linkifyjs: Linkify Prototype Pollution

8.6 High

CVSS3

Связанные уязвимости

nvd
9 дней назад

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.

debian
9 дней назад

Improperly Controlled Modification of Object Prototype Attributes ('Pr ...

github
9 дней назад

Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)

8.6 High

CVSS3