GHSA-fr62-mg2q-7wqv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fr62-mg2q-7wqv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-fr62-mg2q-7wqv/GHSA-fr62-mg2q-7wqv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fr62-mg2q-7wqv
- Aliases
- Published
- 2025-03-04T17:23:15Z
- Modified
- 2025-03-11T17:16:40Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
- Details
-
Impact
The Pinecone Simulator (pineconesim) included in Pinecone up to commit https://github.com/matrix-org/pinecone/commit/ea4c33717fd74ef7d6f49490625a0fa10e3f5bbc is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconsim.
Patches
Commit https://github.com/matrix-org/pinecone/commit/218b2801995b174085cb1c8fafe2d3aa661f85bd contains the fixes.
Workarounds
N/A
For more information
If you have any questions or comments about this advisory, please email us at security at matrix.org.
- Database specific
{ "nvd_published_at": "2025-03-04T17:15:18Z", "cwe_ids": [ "CWE-79", "CWE-80" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-03-04T17:23:15Z" }- References
Affected packages
Go / github.com/matrix-org/pinecone
Package
- Name
- github.com/matrix-org/pinecone
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/matrix-org/pinecone