A logic error in the main summaly
function causes the allowRedirects
option to never be passed to any plugins, and as a result, isn't enforced.
In the main summaly
function, a new scrapingOptions
object is created and passed to either the matched plugin, if any, or the default summarize function. The issue here is that the new scrapingOptions
object is not provided the allowRedirects
property of opts
.
allowRedirects: false
.Misskey will follow redirects, despite explicitly requesting not to.
{ "github_reviewed_at": "2025-05-05T17:03:20Z", "cwe_ids": [ "CWE-601", "CWE-665", "CWE-669", "CWE-693" ], "nvd_published_at": "2025-05-05T19:15:56Z", "severity": "LOW", "github_reviewed": true }