Infinite loop Affecting @fedify/fedify package, versions <1.0.14>=1.1.0 <1.1.11>=1.2.0 <1.2.11>=1.3.0 <1.3.4
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-JS-FEDIFYFEDIFY-8649527
- published22 Jan 2025
- disclosed20 Jan 2025
- creditnnfrog
Introduced: 20 Jan 2025
NewCVE-2025-23221 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade @fedify/fedify to version 1.0.14, 1.1.11, 1.2.11, 1.3.4 or higher.
Overview
@fedify/fedify is an An ActivityPub server framework
Affected versions of this package are vulnerable to Infinite loop via the Webfinger mechanism which allows a user to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms.