#4204 Fix CVE-2024-9427
Closed: Fixed 2 months ago by mikem. Opened 2 months ago by mikem.

An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web page. At present, we do not believe that this can be used to submit an action or make a change in Koji due to existing XSS protections in the code. Even so, this is a serious issue and we recommend applying this update promptly.

We are also fixing this issue for releases from the past year. For those backports, see:

See also: https://docs.pagure.org/koji/CVEs/CVE-2024-9427/


Metadata Update from @mikem:
- Custom field Size adjusted to None

2 months ago

Metadata Update from @mikem:
- Issue set to the milestone: 1.35.1

2 months ago

Metadata Update from @mikem:
- Issue private status set to: False (was: True)

2 months ago


Metadata
Related Pull Requests
  • #4215 Merged 2 months ago