GHSA-gfhx-jjwq-63gv

Source

https://github.com/advisories/GHSA-gfhx-jjwq-63gv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-gfhx-jjwq-63gv/GHSA-gfhx-jjwq-63gv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gfhx-jjwq-63gv

Aliases

CVE-2021-42567

Published

2021-12-10T20:24:11Z

Modified

2024-11-30T05:31:26.901182Z

Summary

Cross-site Scripting in Apereo CAS

Details

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.

Database specific

{
    "nvd_published_at": "2021-12-07T22:15:00Z",
    "github_reviewed": true,
    "github_reviewed_at": "2021-12-08T20:20:15Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE"
}

References

Affected packages

Maven / org.apereo.cas:cas-server-core-web

Package

Name: org.apereo.cas:cas-server-core-web; View open source insights on deps.dev
Purl: pkg:maven/org.apereo.cas/cas-server-core-web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.2

Affected versions

v6.*

v6.4.0-RC5

v6.4.0-RC6

5.*

5.0.0.M1

5.0.0.M2

5.0.0.M3

5.0.0.RC1

5.0.0.RC2

5.0.0.RC3

5.0.0.RC4

5.0.0

5.0.1

5.0.2

5.0.3

5.0.3.1

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1.0-RC1

5.1.0-RC2

5.1.0-RC3

5.1.0-RC4

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.1.8

5.1.9

5.2.0-RC1

5.2.0-RC2

5.2.0-RC3

5.2.0-RC4

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.7

5.2.8

5.2.9

5.3.0-RC1

5.3.0-RC2

5.3.0-RC3

5.3.0-RC4

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.3.10

5.3.11

5.3.12

5.3.12.1

5.3.13

5.3.14

5.3.15

5.3.15.1

5.3.16

6.*

6.0.0-RC1

6.0.0-RC2

6.0.0-RC3

6.0.0-RC4

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.5.1

6.0.6

6.0.7

6.0.8

6.0.8.1

6.1.0-RC1

6.1.0-RC2

6.1.0-RC3

6.1.0-RC4

6.1.0-RC5

6.1.0-RC6

6.1.0

6.1.1

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.7.1

6.1.7.2

6.2.0-RC1

6.2.0-RC2

6.2.0-RC3

6.2.0-RC4

6.2.0-RC5

6.2.0

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.3.0-RC1

6.3.0-RC2

6.3.0-RC3

6.3.0-RC4

6.3.0-RC5

6.3.0

6.3.1

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.3.7

6.3.7.1

6.3.7.2

6.3.7.3

6.3.7.4

6.4.0-RC1

6.4.0-RC2

6.4.0-RC3

6.4.0-RC4

6.4.0-RC5

6.4.0-RC6

6.4.0

6.4.1