CVE-2022-25849

Name of the Vulnerable Software and Affected Versions joyqi/hyper-down versions 0.0.0 and later

Description The issue arises from improper validation of the href attribute in the markdown parser module, leading to Cross-site Scripting (XSS). There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For joyqi/hyper-down versions 0.0.0 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the markdown parsing module until a patch is available. Restrict access to the href attribute in the markdown parser to minimize the risk of exploitation. Avoid using the href attribute in the affected markdown parser until the issue is resolved.