CVE-2020-35305: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the ‘New Page’ dialog.
References
- gollum.com/
- github.com/Szarny/
- github.com/advisories/GHSA-fj2w-qmjp-3rjm
- github.com/gollum/
- github.com/gollum/gollum/commit/137728cdabc0f60859fcd30404ad2b8fff6ef715
- github.com/gollum/gollum/releases/tag/v5.1.2
- github.com/rubysec/ruby-advisory-db/blob/master/gems/gollum/CVE-2020-35305.yml
- nvd.nist.gov/vuln/detail/CVE-2020-35305