Published: 27 Dec 2022
Source: github
Github: Reviewed
CVSS4: 5.3
CVSS3: 5.4
Description
rdiffweb vulnerable to Special Element Injection
In rdiffweb prior to 2.5.5, the lack of sanitisation of characters in the SSH key name could allow an attacker to inject a hyperlink that redirects a victim to malicious websites.
Packages
Name: rdiffweb (pip)
Affected versions: < 2.5.5
Fixed version: 2.5.5
Related vulnerabilities
CVSS3: 5.4
nvd
about 3 years ago
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5.
CVSS3: 5.4
debian
about 3 years ago
Failure to Sanitize Special Elements into a Different Plane (Special E ...