Toxyzeva

**Name of the Vulnerable Software and Affected Versions** Mintlify Platform versions prior to 2025-11-15 **Description** A Server-Side Template Injection (SSTI) flaw exists in the MDX Rendering Engine of Mintlify Platform. This issue allows remote attackers to execute arbitrary code through inline JSX expressions within an MDX file. The vulnerability is related to the processing of MDX files and the rendering of JSX expressions. SSTI occurs when user-supplied input is incorporated into a server-side template without proper sanitization, allowing an attacker to inject malicious code that is then executed by the server. **Recommendations** Update Mintlify Platform to a version released on or after 2025-11-15.

**Name of the Vulnerable Software and Affected Versions** Mintlify Platform versions prior to 2025-11-15 **Description** A directory traversal issue exists in the Static Asset Proxy Endpoint. This allows remote attackers to inject arbitrary web script or HTML through a specially crafted URL containing path traversal sequences. The endpoint vulnerable to this issue is the `/static` asset proxy endpoint. The vulnerability involves manipulating the URL to access files outside the intended directory. **Recommendations** Update Mintlify Platform to version 2025-11-15 or later.