GO-2024-2655
See a problem?- Source
- https://pkg.go.dev/vuln/GO-2024-2655
- Import Source
- https://vuln.go.dev/ID/GO-2024-2655.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-2655
- Aliases
-
- CVE-2024-28855
- GHSA-hfrg-4jwr-jfpj
- Published
- 2024-03-27T22:09:35Z
- Modified
- 2024-07-09T19:33:56Z
- Summary
- XSS in github.com/zitadel/zitadel
- Details
-
The Login UI did not sanitize input parameters. An attacker could create a malicious link, where injected code would be rendered as part of the login screen.
- References
- Credits
-
-
- Daniel Philipp (OWT) and Thomas Wickham (Synopsis)
-
Affected packages
Go / github.com/zitadel/zitadel
Package
- Name
- github.com/zitadel/zitadel
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/zitadel/zitadel
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.80.0-v2.20.0.20240312162750-5908b97e7c22
Ecosystem specific
{
"custom_ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.41.15"
},
{
"introduced": "2.42.0"
},
{
"fixed": "2.42.15"
},
{
"introduced": "2.43.0"
},
{
"fixed": "2.43.9"
},
{
"introduced": "2.44.0"
},
{
"fixed": "2.44.3"
},
{
"introduced": "2.45.0"
},
{
"fixed": "2.45.1"
},
{
"introduced": "2.46.0"
},
{
"fixed": "2.46.1"
},
{
"introduced": "2.47.0"
},
{
"fixed": "2.47.4"
}
],
"type": "ECOSYSTEM"
}
],
"imports": [
{
"path": "github.com/zitadel/zitadel/internal/renderer"
}
]
}