CVE-2023-39584: Hexo `include_code` has a path traversal
(updated )
Hexo up to v7.1.1 was discovered to contain an arbitrary file read vulnerability.
References
- github.com/advisories/GHSA-x2jc-989c-47q4
- github.com/hexojs/hexo
- github.com/hexojs/hexo/blob/a3e68e7576d279db22bd7481914286104e867834/lib/plugins/tag/include_code.js
- github.com/hexojs/hexo/blob/cefee921153ba597316457f4fedf7b87b6516917/lib/plugins/tag/include_code.ts
- github.com/hexojs/hexo/commit/b5b63caee27256d71a0cee8954c22375ec885d07
- github.com/hexojs/hexo/issues/5250
- github.com/hexojs/hexo/pull/5251
- nvd.nist.gov/vuln/detail/CVE-2023-39584
Code Behaviors & Features
Detect and mitigate CVE-2023-39584 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →