CVE-2020-28364: Locust Stored Cross-site Scripting Vulnerability
A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.
References
- docs.locust.io/en/stable/changelog.html
- github.com/advisories/GHSA-vqxw-9pg7-v7v9
- github.com/locustio/locust
- github.com/locustio/locust/commit/0d118179709b4a60174810bae4db41d40e4c99ad
- github.com/locustio/locust/commit/4049173b3466da236b1d8d8d3519e73c01525a0d
- github.com/locustio/locust/pull/1603
- github.com/pypa/advisory-database/tree/main/vulns/locust/PYSEC-2020-60.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-28364