CVE-2024-37166: ghtml Cross-Site Scripting (XSS) vulnerability

June 10, 2024

It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases.

References

github.com/advisories/GHSA-vvhj-v88f-5gxr
github.com/gurgunday/ghtml
github.com/gurgunday/ghtml/commit/df1ea50fe8968a766fd2b9379a8f9806375227f8
github.com/gurgunday/ghtml/security/advisories/GHSA-vvhj-v88f-5gxr
nvd.nist.gov/vuln/detail/CVE-2024-37166

Detect and mitigate CVE-2024-37166 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →