GHSA-pwq7-f7f9-cm2j

Source
https://github.com/advisories/GHSA-pwq7-f7f9-cm2j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-pwq7-f7f9-cm2j/GHSA-pwq7-f7f9-cm2j.json
Aliases
Published
2022-09-30T00:00:34Z
Modified
2023-11-08T04:10:26.539092Z
Details

dutchcoders Transfer.sh versions 1.4.0 and prior are vulnerable to Cross Site Scripting (XSS) via a malicious document uploaded in transfer.sh. There is a fix commit merged into main for this issue, but an updated version has not yet been released.

References

Affected packages

Go / github.com/dutchcoders/transfer.sh

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Last affected
1.4.0