CVE-2020-35305

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gem/gollum

Identifiers

GHSA-fj2w-qmjp-3rjm, CVE-2020-35305

Package Slug

gem/gollum

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross-site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.

Affected Versions

All versions starting from 5.0 before 5.1.2

Solution

Upgrade to version 5.1.2 or above.

Last Modified

2022-07-24
