CVE-2025-67844
- EPSS 0.05%
- Veröffentlicht 19.12.2025 02:16:09
- Zuletzt bearbeitet 02.01.2026 16:10:46
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during...
CVE-2025-67845
- EPSS 0.14%
- Veröffentlicht 19.12.2025 02:16:09
- Zuletzt bearbeitet 02.01.2026 15:52:40
A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.
CVE-2025-67846
- EPSS 0.06%
- Veröffentlicht 19.12.2025 02:16:09
- Zuletzt bearbeitet 02.01.2026 15:46:16
The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the UR...
CVE-2025-67842
- EPSS 0.08%
- Veröffentlicht 19.12.2025 02:16:08
- Zuletzt bearbeitet 02.01.2026 16:01:50
The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.
CVE-2025-67843
- EPSS 0.42%
- Veröffentlicht 19.12.2025 02:16:08
- Zuletzt bearbeitet 02.01.2026 16:07:45
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.