Skip to content

Commit 7856c10

Browse files
github-actions[bot]github-actions[bot]
committed
Move new vulnerability to vulnerabilities/AIKIDO-2025-10658.json and reset new.json template
1 parent f51c6e3 commit 7856c10

File tree

2 files changed

+48
-31
lines changed

2 files changed

+48
-31
lines changed

input/new.json

Lines changed: 12 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -1,34 +1,15 @@
11
{
2-
"package_name": "ammonia",
3-
"patch_versions": [
4-
"4.1.2",
5-
"4.0.1",
6-
"3.3.1"
7-
],
8-
"vulnerable_ranges": [
9-
[
10-
"4.1.0",
11-
"4.1.1"
12-
],
13-
[
14-
"4.0.0",
15-
"4.0.0"
16-
],
17-
[
18-
"3.0.0",
19-
"3.3.0"
20-
]
21-
],
22-
"cwe": [
23-
"CWE-79"
24-
],
25-
"tldr": "Affected versions of this package are vulnerable to a mutation cross-site scripting (mXSS), which arises when DOM cleanup operations inadvertently cause namespace changes, potentially reintroducing malicious elements or attributes that bypass sanitization. This vulnerability allows an attacker to exploit it by crafting input that triggers these namespace switches during processing, leading to the execution of arbitrary JavaScript in the user's context.",
26-
"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
27-
"how_to_fix": "Upgrade the `ammonia` library to the patch version.",
28-
"vulnerable_to": "Cross-Site Scripting (XSS)",
2+
"package_name": "",
3+
"patch_versions": [],
4+
"vulnerable_ranges": [],
5+
"cwe": [],
6+
"tldr": "",
7+
"doest_this_affect_me": "",
8+
"how_to_fix": "",
9+
"vulnerable_to": "",
2910
"related_cve_id": "",
30-
"language": "Rust",
31-
"severity_class": "MEDIUM",
32-
"aikido_score": 40,
33-
"changelog": "https://github.com/rust-ammonia/ammonia/releases/tag/v4.1.2"
11+
"language": "",
12+
"severity_class": "",
13+
"aikido_score": 0,
14+
"changelog": ""
3415
}

vulnerabilities/AIKIDO-2025-10658.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"package_name": "ammonia",
3+
"patch_versions": [
4+
"4.1.2",
5+
"4.0.1",
6+
"3.3.1"
7+
],
8+
"vulnerable_ranges": [
9+
[
10+
"4.1.0",
11+
"4.1.1"
12+
],
13+
[
14+
"4.0.0",
15+
"4.0.0"
16+
],
17+
[
18+
"3.0.0",
19+
"3.3.0"
20+
]
21+
],
22+
"cwe": [
23+
"CWE-79"
24+
],
25+
"tldr": "Affected versions of this package are vulnerable to a mutation cross-site scripting (mXSS), which arises when DOM cleanup operations inadvertently cause namespace changes, potentially reintroducing malicious elements or attributes that bypass sanitization. This vulnerability allows an attacker to exploit it by crafting input that triggers these namespace switches during processing, leading to the execution of arbitrary JavaScript in the user's context.",
26+
"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
27+
"how_to_fix": "Upgrade the `ammonia` library to the patch version.",
28+
"vulnerable_to": "Cross-Site Scripting (XSS)",
29+
"related_cve_id": "",
30+
"language": "Rust",
31+
"severity_class": "MEDIUM",
32+
"aikido_score": 40,
33+
"changelog": "https://github.com/rust-ammonia/ammonia/releases/tag/v4.1.2",
34+
"last_modified": "2025-10-02",
35+
"published": "2025-10-02"
36+
}

0 commit comments

Comments
 (0)