Description
Withdrawn Advisory: HTML injections in BTCPayServer
Withdrawn Advisory
This advisory has been withdrawn because all of the files affected by this vulnerability lie in the BTCPayServer folder, which is not in the NuGet ecosystem. The BTCPayServer folder, corresponding to the BTCPayServer NuGet entry, does not contain any files that were changed to fix the vulnerability.
Original Description
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-0493
- https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a
- https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a
- https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f
- http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html
Packages
Name: BTCPayServer.Client (nuget)
Affected versions: < 1.7.5
Fixed version: 1.7.5
Related vulnerabilities
CVSS3: 5.3
nvd
about 3 years ago
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.