Skip to content

Commit b07061e

Browse files
1 parent 6da3bb5 commit b07061e

1 file changed

Lines changed: 10 additions & 3 deletions

File tree

advisories/github-reviewed/2025/07/GHSA-95jq-xph2-cx9h/GHSA-95jq-xph2-cx9h.json

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-95jq-xph2-cx9h",
4-
"modified": "2026-01-22T13:51:31Z",
4+
"modified": "2026-06-26T20:26:11Z",
55
"published": "2025-07-26T00:30:32Z",
66
"aliases": [
77
"CVE-2025-8101"
88
],
99
"summary": "Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)",
10-
"details": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.",
10+
"details": "Prototype Pollution in internal `assign()` helper in Linkify allows remote attackers to execute arbitrary JavaScript (Stored or Reflected XSS) via injection of event handlers through unfiltered proto property. This issue affects Linkify version 4.3.1 and is fixed in 4.3.2.",
1111
"severity": [
1212
{
1313
"type": "CVSS_V4",
@@ -25,13 +25,16 @@
2525
"type": "ECOSYSTEM",
2626
"events": [
2727
{
28-
"introduced": "0"
28+
"introduced": "4.3.1"
2929
},
3030
{
3131
"fixed": "4.3.2"
3232
}
3333
]
3434
}
35+
],
36+
"versions": [
37+
"4.3.1"
3538
]
3639
}
3740
],
@@ -40,6 +43,10 @@
4043
"type": "ADVISORY",
4144
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8101"
4245
},
46+
{
47+
"type": "WEB",
48+
"url": "https://github.com/nfrasser/linkifyjs/commit/931d3e28b68951b8f898ea4d6504696346b485b0"
49+
},
4350
{
4451
"type": "WEB",
4552
"url": "https://caverav.cl/posts/linkify-xss/linkify-xss"

0 commit comments

Comments
 (0)