CVE-2023-38501: copyparty vulnerable to reflected cross-site scripting via k304 parameter
The application contains a reflected cross-site scripting (XSS) vulnerability via the URL parameters ?k304=... and ?setck=...
References
- github.com/9001/copyparty
- github.com/9001/copyparty/commit/007d948cb982daa05bc6619cd20ee55b7e834c38
- github.com/9001/copyparty/releases/tag/v1.8.7
- github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh
- github.com/advisories/GHSA-f54q-j679-p9hh
- github.com/pypa/advisory-database/tree/main/vulns/copyparty/PYSEC-2023-132.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-38501