CVE-2024-32875: Hugo Markdown titles do not escaped in internal render hooks
Title argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files.
References
Detect and mitigate CVE-2024-32875 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →