UBUNTU-CVE-2024-55601

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-55601

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-55601.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-55601

Related

CVE-2024-55601

Published

2024-12-09T22:15:00Z

Modified

2025-01-13T10:26:50Z

Summary

[none]

Details

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates: _default/_markup/render-link.html from v0.123.0; _default/_markup/render-image.html from v0.123.0; _default/_markup/render-table.html from v0.134.0; and/or shortcodes/youtube.html from v0.125.0. This issue is patched in v0.139.4. As a workaround, one may replace an affected component with user defined templates or disable the internal templates.

References

Affected packages

Ubuntu:Pro:16.04:LTS / hugo

Package

Name: hugo
Purl: pkg:deb/ubuntu/hugo@0.15+git20160206.203.ed23711-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.15+git20160109.147.dd1d655-1

0.15+git20160109.147.dd1d655-2

0.15+git20160128.179.5def6d9-1

0.15+git20160206.203.ed23711-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / hugo

Package

Name: hugo
Purl: pkg:deb/ubuntu/hugo@0.40.1-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.25.1-2

0.26-1

0.35-1

0.37.1-1

0.38-1

0.39-1

0.40-1

0.40.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / hugo

Package

Name: hugo
Purl: pkg:deb/ubuntu/hugo@0.68.3-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.57.2-1

0.58.3-1

0.59.1-1.1

0.68.3-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / hugo

Package

Name: hugo
Purl: pkg:deb/ubuntu/hugo@0.92.2-1ubuntu0.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.80.0-6

0.89.4-2

0.90.0-1

0.90.1-1

0.91.0-1

0.91.2-1

0.92.0-1

0.92.1-1build1

0.92.2-1

0.92.2-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / hugo

Package

Name: hugo
Purl: pkg:deb/ubuntu/hugo@0.129.0-2?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.123.7-1build1

0.125.5-1

0.125.7-1

0.126.1-1

0.126.2-1

0.126.3-1

0.127.0-1

0.128.2-1

0.128.2-2

0.129.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / hugo

Package

Name: hugo
Purl: pkg:deb/ubuntu/hugo@0.123.7-1ubuntu0.2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.113.0-3

0.119.0-2

0.120.3-1

0.120.4-1

0.121.2-1

0.122.0-1

0.123.7-1build1

0.123.7-1ubuntu0.1

0.123.7-1ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}