mirror of
https://github.com/reconurge/flowsint.git
synced 2026-07-16 00:52:35 -05:00
[PR #161] [CLOSED] fix: upgrade linkifyjs to 4.3.2 (CVE-2025-8101) #3541
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/reconurge/flowsint/pull/161
Author: @orbisai0security
Created: 6/3/2026
Status: ❌ Closed
Base:
main← Head:fix-cve-2025-8101-flowsint-app-yarn-lock📝 Commits (1)
53dd34efix: upgrade linkifyjs to 4.3.2 (CVE-2025-8101)📊 Changes
2 files changed (+2 additions, -1 deletions)
View changed files
📝
flowsint-app/package.json(+1 -0)📝
yarn.lock(+1 -1)📄 Description
Summary
Upgrade linkifyjs from 4.3.1 to 4.3.2 to fix CVE-2025-8101.
Vulnerability
CVE-2025-8101flowsint-app/yarn.lockDescription: linkifyjs: Linkify Prototype Pollution
Evidence
Scanner confirmation: trivy rule
CVE-2025-8101flagged this pattern.Production code: This file is in the production codebase, not test-only code.
Threat Model Context
This is a Node.js library - vulnerabilities affect downstream consumers who use this package.
Changes
flowsint-app/package.jsonyarn.lockVerification
This change addresses a pattern flagged by static analysis. The code path handles user-influenced input and the fix reduces the attack surface against both manual and automated exploitation.
Automated security fix by OrbisAI Security
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.