VYPR

npm package

@steipete/summarize

pkg:npm/%40steipete/summarize

Vulnerabilities (4)

  • CVE-2026-45245HigMay 18, 2026
    affected < 0.15.1fixed 0.15.1

    Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying eve

  • CVE-2026-45244MedMay 18, 2026
    affected < 0.15.0fixed 0.15.0

    Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summar

  • CVE-2026-45243MedMay 18, 2026
    affected < 0.15.0fixed 0.15.0

    Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers

  • CVE-2026-45242HigMay 18, 2026
    affected < 0.15.0fixed 0.15.0

    Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attac