Описание
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| weblate | itp | package |
EPSS
Процентиль: 7%
0.00026
Низкий
Связанные уязвимости
CVSS3: 5.3
nvd
4 месяца назад
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.
CVSS3: 5.3
github
4 месяца назад
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
EPSS
Процентиль: 7%
0.00026
Низкий