Vulnerability Database
Blog
FAQ
Docs
PYSEC-2021-30
See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2021-30.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-30
Aliases
CVE-2021-32561
GHSA-vcx4-fpmp-mvv6
Published
2021-05-11T14:15:00Z
Modified
2023-11-08T04:05:54.188107Z
Summary
[none]
Details
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
References
https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0
https://www.brzozowski.io
https://octoprint.org/blog/2021/04/27/new-release-1.6.0/
Affected packages
PyPI
/
octoprint
Package
Name
octoprint
View open source insights on deps.dev
Purl
pkg:pypi/octoprint
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.6.0
Affected versions
1.*
1.3.11
1.3.12rc1
1.3.12rc3
1.3.12
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.0
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.1
1.4.2
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0rc1
1.6.0rc2
1.6.0rc3
PYSEC-2021-30 - OSV