CVE-2023-0901: Exposure of Sensitive Information to an Unauthorized Actor

February 18, 2023 (updated February 22, 2023)

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4.

References

github.com/advisories/GHSA-vjxx-jgcx-9fq2
github.com/pixelfed/pixelfed/commit/5b5f5bc38ca9ba39d0b7dacc3813fb899f71ba57
huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010
nvd.nist.gov/vuln/detail/CVE-2023-0901

Detect and mitigate CVE-2023-0901 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →