CVE-2025-68475 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Express…
High CVSS: 7.5

CVE-2025-68475

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.
Vendor
Fedify
Product
Fedify
CWE
CWE-1333
Yayın Tarihi
2025-12-22 22:16:09
Güncelleme
2026-03-17 19:39:32
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-1333 Fedify HIGH Fedify 2025

Referanslar

https://github.com/fedify-dev/fedify/commit/2bdcb24d7d6d5886e0214ed504b63a6dc5488779 https://github.com/fedify-dev/fedify/commit/bf2f0783634efed2663d1b187dc55461ee1f987a https://github.com/fedify-dev/fedify/releases/tag/1.6.13 https://github.com/fedify-dev/fedify/releases/tag/1.7.14 https://github.com/fedify-dev/fedify/releases/tag/1.8.15 https://github.com/fedify-dev/fedify/releases/tag/1.9.2 https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93