GHSA-cc4g-m3g7-xmw8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cc4g-m3g7-xmw8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-cc4g-m3g7-xmw8/GHSA-cc4g-m3g7-xmw8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cc4g-m3g7-xmw8
- Aliases
- Published
- 2024-10-01T18:14:54Z
- Modified
- 2024-10-03T13:39:21.865953Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Decidim has a cross-site scripting vulnerability in the version control page
- Details
-
Impact
The version control feature used in resources is subject to potential cross-site scripting (XSS) attack through a malformed URL.
Workarounds
Not available
References
OWASP ASVS v4.0.3-5.1.3
Credits
This issue was discovered in a security audit organized by Open Source Politics against Decidim done during July 2025.
- Database specific
{ "nvd_published_at": "2024-10-01T15:15:07Z", "cwe_ids": [ "CWE-79" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-10-01T18:14:54Z" }- References
-
- https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8
- https://nvd.nist.gov/vuln/detail/CVE-2024-41673
- https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637
- https://github.com/decidim/decidim
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2024-41673.yml
Affected packages
RubyGems / decidim
Package
- Name
- decidim
- Purl
- pkg:gem/decidim
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.27.8
Affected versions
0.*
0.0.1.alpha1
0.0.1.alpha2
0.0.1.alpha3
0.0.1.alpha4
0.0.1.alpha5
0.0.1.alpha6
0.0.1.alpha7
0.0.1.alpha8
0.0.1.alpha9
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8.1
0.1.0
0.2.0
0.3.0
0.3.1
0.3.2
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.5.0
0.5.1
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9.0
0.9.1
0.9.2
0.9.3
0.10.0
0.10.1
0.11.0.pre1
0.11.1
0.11.2
0.12.0.pre
0.12.0
0.12.1
0.12.2
0.13.0.pre1
0.13.0
0.13.1
0.14.1
0.14.2
0.14.3
0.14.4
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.17.0
0.17.1
0.17.2
0.18.0
0.18.1
0.19.0
0.19.1
0.20.0
0.20.1
0.21.0
0.22.0
0.23.0
0.23.1.rc1
0.23.1
0.23.2
0.23.3
0.23.4
0.23.5
0.23.6
0.24.0.rc1
0.24.0.rc2
0.24.0
0.24.1
0.24.2
0.24.3
0.25.0.rc1
0.25.0.rc2
0.25.0.rc3
0.25.0.rc4
0.25.0
0.25.1
0.25.2
0.26.0.rc2
0.26.0
0.26.1
0.26.2
0.26.3
0.26.4
0.26.5
0.26.7
0.26.8
0.26.9
0.26.10
0.27.0.rc1
0.27.0.rc2
0.27.0
0.27.1
0.27.2
0.27.3
0.27.4
0.27.5
0.27.6
0.27.7