[Git][security-tracker-team/security-tracker][master] lts: triage CVE-2025-7969/node-markdown-it
Daniel Leidert (@dleidert)
dleidert at debian.org
Sun Aug 24 00:34:03 BST 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
678cc89c by Daniel Leidert at 2025-08-24T01:31:43+02:00
lts: triage CVE-2025-7969/node-markdown-it
Upstream disputes issue. Add links to Github issue and advisory.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -628,6 +628,9 @@ CVE-2025-8064 (The Bible SuperSearch plugin for WordPress is vulnerable to Store
CVE-2025-7969 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- node-markdown-it <unfixed>
TODO: check upstream details
+ NOTE: https://fluidattacks.com/advisories/fito
+ NOTE: https://github.com/markdown-it/markdown-it/issues/1122
+ NOTE: Upstream disputes issue
CVE-2025-7051 (On N-central, it is possible for any authenticated user to read, write ...)
NOT-FOR-US: N-central
CVE-2025-6465 (Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/678cc89c138ab1a158e3907d6ed962fac5f492ea
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/678cc89c138ab1a158e3907d6ed962fac5f492ea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250823/ae3e6177/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list