PYSEC-2021-30

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2021-30.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-30

Aliases

CVE-2021-32561
GHSA-vcx4-fpmp-mvv6

Published

2021-05-11T14:15:00Z

Modified

2023-11-08T04:05:54.188107Z

Summary

[none]

Details

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.

References

https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0
https://www.brzozowski.io
https://octoprint.org/blog/2021/04/27/new-release-1.6.0/

Affected packages

PyPI / octoprint

Package

Name: octoprint; View open source insights on deps.dev
Purl: pkg:pypi/octoprint

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.0

Affected versions

1.*

1.3.11

1.3.12rc1

1.3.12rc3

1.3.12

1.4.0rc1

1.4.0rc2

1.4.0rc3

1.4.0rc4

1.4.0rc5

1.4.0rc6

1.4.0

1.4.1rc1

1.4.1rc2

1.4.1rc3

1.4.1rc4

1.4.1

1.4.2

1.5.0rc1

1.5.0rc2

1.5.0rc3

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0rc1

1.6.0rc2

1.6.0rc3

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/octoprint/PYSEC-2021-30.yaml"