CVE-2020-35305
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gem/gollum
Identifiers
GHSA-fj2w-qmjp-3rjm, CVE-2020-35305
Package Slug
gem/gollum
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
Affected Versions
All versions starting from 5.0 before 5.1.2
Solution
Upgrade to version 5.1.2 or above.
Last Modified
2022-07-24
| source |