Описание
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| weblate | itp | package |
EPSS
Процентиль: 8%
0.0003
Низкий
Связанные уязвимости
CVSS3: 5.3
nvd
около 2 месяцев назад
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.
CVSS3: 5.3
github
около 2 месяцев назад
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
EPSS
Процентиль: 8%
0.0003
Низкий