GHSA-g2vg-8hfg-79vj

Suggest an improvement
Source
https://github.com/advisories/GHSA-g2vg-8hfg-79vj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-g2vg-8hfg-79vj/GHSA-g2vg-8hfg-79vj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-g2vg-8hfg-79vj
Aliases
  • CVE-2024-9427
Published
2024-12-24T06:30:42Z
Modified
2024-12-26T20:42:09.006122Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Koji Cross-site Scripting
Details

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code.

Database specific
{
    "nvd_published_at": "2024-12-24T04:15:07Z",
    "cwe_ids": [
        "CWE-116"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-26T20:22:34Z"
}
References

Affected packages

PyPI / koji

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.35.0
Fixed
1.35.1

Affected versions

1.*

1.35.0

PyPI / koji

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.34.0
Fixed
1.34.3

Affected versions

1.*

1.34.0
1.34.1
1.34.2

PyPI / koji

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.33.2

Affected versions

1.*

1.15.0
1.16.0
1.16.1
1.17.0
1.18.0
1.19.0
1.19.1
1.20.0
1.20.1
1.21.0
1.21.1
1.22.0
1.22.1
1.23.0
1.23.1
1.24.0
1.24.1
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.27.1
1.28.0
1.28.1
1.29.0
1.29.1
1.30.0
1.30.1
1.31.0
1.31.1
1.32.0
1.32.1
1.33.0
1.33.1