
Hackermon

#20105 of 53,619
12.9 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2025-52403
6.4
2025-12-18
Mintlify · Mintlify Platform · CVE-2025-67842
**Name of the Vulnerable Software and Affected Versions**
Mintlify Platform versions prior to 2025-11-15

**Description**
The Static Asset API in Mintlify Platform is susceptible to a cross-tenant asset injection issue. This allows remote attackers to inject arbitrary web script or HTML through manipulation of the `subdomain` parameter. Specifically, assets belonging to one tenant can be served on another tenant's documentation site.

**Recommendations**
Update Mintlify Platform to version 2025-11-15 or later.

PT-2025-52407
6.5
2025-12-18
Mintlify · Mintlify Platform · CVE-2025-67846
**Name of the Vulnerable Software and Affected Versions**
Mintlify Platform versions prior to 2025-11-15

**Description**
The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows attackers to bypass security patches and execute downgrade attacks. This is possible through predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment containing unpatched vulnerabilities and force the application to load the vulnerable version by directly accessing the specific git-ref or deployment-id subdomain.

**Recommendations**
Update Mintlify Platform to version 2025-11-15 or later.