CVE-2025-46553

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-46553

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46553.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-46553

Aliases

GHSA-7899-w6c4-vqc4

Published

2025-05-05T19:15:56Z

Modified

2025-07-29T11:23:08.383683Z

Summary

[none]

Details

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.

References

Affected packages

Git / github.com/misskey-dev/summaly

Affected ranges

Type: GIT
Repo: https://github.com/misskey-dev/summaly
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

45153b4f08a772c395a13f7a25399dd87ed022ed

Affected versions

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.1.0

5.2.0

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v4.*

v4.0.0

v4.0.1

v4.0.2