CVE-2022-29947
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/woodpecker-ci/woodpecker
Identifiers
GHSA-vmp5-c5hp-6c65, CVE-2022-29947
Package Slug
go/github.com/woodpecker-ci/woodpecker
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.
Affected Versions
All versions before 0.15.1
Solution
Upgrade to version 0.15.1 or above.
Last Modified
2022-05-04
| source |