Описание
Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user context.
EPSS
Процентиль: 19%
0.0006
Низкий
Дефекты
CWE-79
Связанные уязвимости
github
2 месяца назад
Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user context.
EPSS
Процентиль: 19%
0.0006
Низкий
Дефекты
CWE-79