Learn more about these different git repos.
Other Git URLs
An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. At present, we do not believe that this can be used to submit an action or make a change in Koji due to existing XSS protections in the code. Even so, this is a serious issue and we recommend applying this update promptly.
We are also fixing this issue for releases from the past year. For those backports, see:
See also: https://docs.pagure.org/koji/CVEs/CVE-2024-9427/
ProdSec CVE bugs for Fedora and EPEL
Metadata Update from @mikem: - Custom field Size adjusted to None
Metadata Update from @mikem: - Issue set to the milestone: 1.35.1
Metadata Update from @mikem: - Issue private status set to: False (was: True)
Commit 8c72d90 fixes this issue
Log in to comment on this ticket.