Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-53624 PoC — Docusaurus gists plugin 信息泄露漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-53624.yaml
Associated Vulnerability
Title:Docusaurus gists plugin 信息泄露漏洞 (CVE-2025-53624)
Description:Docusaurus gists plugin是Webber Takken个人开发者的一个自动化插件。 Docusaurus gists plugin 4.0.0之前版本存在信息泄露漏洞,该漏洞源于GitHub令牌泄露,可能导致凭据泄露。
Description
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code.
File Snapshot

 id: CVE-2025-53624

info:
  name: Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exp

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.