Publish GHSA-64x7-m7rh-9m83

Author: advisory-database[bot]

advisories/github-reviewed/2025/06/GHSA-64x7-m7rh-9m83/GHSA-64x7-m7rh-9m83.json

@@ -1,17 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-64x7-m7rh-9m83",
-  "modified": "2025-06-18T17:52:34Z",
+  "modified": "2025-06-18T18:46:37Z",
   "published": "2025-06-17T21:32:30Z",
+  "withdrawn": "2025-06-18T18:46:37Z",
   "aliases": [
     "CVE-2025-45525"
   ],
-  "summary": "microlight.js has a null pointer dereference vulnerability",
-  "details": "A null pointer dereference vulnerability was discovered in microlight.js (version 0.0.7), a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash.",
+  "summary": "Withdrwn Advisory: microlight.js has a null pointer dereference vulnerability",
+  "details": "## Withdrawn Advisory\nThis advisory has been withdrawn because a website owner has to set CSS color values. The proof of concept doesn't demonstrate how a malicious user who is not the website owner can cause an application crash. This link has been maintained to preserve external references.\n\n## Original Description\nA null pointer dereference vulnerability was discovered in microlight.js (version 0.0.7), a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash.",
   "severity": [
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
     }
   ],
   "affected": [