GHSA-5jjq-8cvj-v6m9

Source

https://github.com/advisories/GHSA-5jjq-8cvj-v6m9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-5jjq-8cvj-v6m9/GHSA-5jjq-8cvj-v6m9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5jjq-8cvj-v6m9

Aliases

CVE-2024-26318

Published

2024-02-19T06:30:33Z

Modified

2024-12-07T05:40:44.561456Z

Summary

Cross-site Scripting in Serenity

Details

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.

Database specific

{
    "nvd_published_at": "2024-02-19T04:15:07Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-20T23:58:08Z"
}

References

Affected packages

NuGet / Serenity.Net.Core

Package

Name: Serenity.Net.Core; View open source insights on deps.dev
Purl: pkg:nuget/Serenity.Net.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8.0

Affected versions

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.0.11

5.0.12

5.0.13

5.0.17

5.0.18

5.0.19

5.0.20

5.0.21

5.0.22

5.0.23

5.0.24

5.0.25

5.0.26

5.0.27

5.0.28

5.0.29

5.0.30

5.0.31

5.0.32

5.0.33

5.0.34

5.0.35

5.0.36

5.0.37

5.0.38

5.0.39

5.0.40

5.0.41

5.0.42

5.0.43

5.0.44

5.0.45

5.0.46

5.0.47

5.0.48

5.0.49

5.0.50

5.0.51

5.1.0

5.1.1

5.1.2

5.1.3

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.1.0

6.1.1

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

6.2.0

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.2.9

6.3.0

6.3.1

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.4.0

6.4.1

6.4.2

6.4.3

6.4.4

6.4.6

6.4.7

6.4.8

6.4.9

6.4.10

6.5.0

6.5.1

6.5.2

6.5.3

6.5.4

6.6.0

6.6.1

6.6.2

6.6.3

6.6.4

6.6.5

6.6.6

6.7.0

6.7.1

6.7.2

6.7.5

6.7.6

npm / @serenity-is/corelib

Package

Name: @serenity-is/corelib; View open source insights on deps.dev
Purl: pkg:npm/%40serenity-is/corelib

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8.0