GHSA-33gv-rvgq-gpxp
- Source
- https://github.com/advisories/GHSA-33gv-rvgq-gpxp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-33gv-rvgq-gpxp/GHSA-33gv-rvgq-gpxp.json
- Withdrawn
- 2023-10-10T21:18:09Z
- Published
- 2023-01-27T00:30:18Z
- Modified
- 2024-02-16T08:25:07.697756Z
- Details
-
Withdrawn Advisory
This advisory has been withdrawn because all of the files affected by this vulnerability lie in the BTCPayServer folder, which is not in the NuGet ecosystem. The BTCPayServer folder, corresponding to the BTCPayServer NuGet entry, does not contain any files that were changed to fix the vulnerability.
Original Description
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-0493
- https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a
- https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a
- https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f
- http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html