Low severityNVD Advisory· Published May 5, 2025· Updated May 5, 2025
@misskey-dev/summaly Redirect Filter Bypass
CVE-2025-46553
Description
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@misskey-dev/summalynpm | >= 3.0.1, < 5.2.1 | 5.2.1 |
Affected products
2- misskey-dev/summalyv5Range: >= 3.0.1, < 5.2.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-7899-w6c4-vqc4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-46553ghsaADVISORY
- github.com/misskey-dev/summaly/commit/45153b4f08a772c395a13f7a25399dd87ed022edghsax_refsource_MISCWEB
- github.com/misskey-dev/summaly/security/advisories/GHSA-7899-w6c4-vqc4ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.