Nixpkgs security tracker

Permalink CVE-2024-9427

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 year, 3 months ago

Koji: escape html tag characters in the query string

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code

References

RHBZ#2316047 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-9427 vdb-entryx_refsource_REDHAT
RHBZ#2316047 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-9427 vdb-entryx_refsource_REDHAT
RHBZ#2316047 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-9427 vdb-entryx_refsource_REDHAT
RHBZ#2316047 x_refsource_REDHATissue-tracking

Affected products

koji

<1.35.1

Matching in nixpkgs

pkgs.koji

Interactive CLI for creating conventional commits

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0

pkgs.haskellPackages.koji

Koji buildsystem XML-RPC API bindings

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2

Package maintainers

@ByteSudoer ByteSudoer <bytesudoer@gmail.com>