Description
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-35305
- https://github.com/gollum/gollum/commit/137728cdabc0f60859fcd30404ad2b8fff6ef715
- https://github.com/Szarny
- https://github.com/gollum
- https://github.com/gollum/gollum/releases/tag/v5.1.2
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/gollum/CVE-2020-35305.yml
- http://gollum.com
Packages
- Name: gollum (rubygems)
- Affected versions: >= 5.0, < 5.1.2
- Fixed version: 5.1.2
Related vulnerabilities
CVSS3: 6.1
nvd
more than 3 years ago
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.