Security Advisory

CVE-2025-46553

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-05 18:28:50
Last updated 2025-05-05 18:50:42
Assigner GitHub_M
State PUBLISHED

Description

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isnt enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.