PYSEC-2021-30

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2021-30.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-30
Aliases
Published
2021-05-11T14:15:00Z
Modified
2023-11-08T04:05:54.188107Z
Summary
[none]
Details

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.

References

Affected packages

PyPI / octoprint

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.0

Affected versions

1.*

1.3.11
1.3.12rc1
1.3.12rc3
1.3.12
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.4.0
1.4.1rc1
1.4.1rc2
1.4.1rc3
1.4.1rc4
1.4.1
1.4.2
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0rc1
1.6.0rc2
1.6.0rc3