POC详情: 2a69d00e6c1429137e6b895dcee3245f0561c4f5

来源
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-53624.yaml
关联漏洞
标题: Docusaurus gists plugin 信息泄露漏洞 (CVE-2025-53624)
描述:Docusaurus gists plugin是Webber Takken个人开发者的一个自动化插件。 Docusaurus gists plugin 4.0.0之前版本存在信息泄露漏洞,该漏洞源于GitHub令牌泄露,可能导致凭据泄露。
描述
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code.
文件快照

 id: CVE-2025-53624

info:
  name: Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exp

...
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。