Description
A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fence_environment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes directly on the string, resulting in substring matching instead of membership checks against an array.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.16.1
References
Related Issues
- node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization - CVE-2025-12816
- React Router has XSS Vulnerability - CVE-2025-59057
- @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtrack - CVE-2025-25289
- @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Back - CVE-2025-25288
You might also like:
- Tags:
- npm
- @digitalocean/do-markdownit
Anything's wrong? Let us know Last updated on September 22, 2025


