MEDIUM 5.4

GHSA-g2vg-8hfg-79vj

Koji Cross-site Scripting

Details

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / koji

Introduced in: 1.35.0 Fixed in: 1.35.1

Fix pip install --upgrade 'koji>=1.35.1'

PyPI / koji

Introduced in: 1.34.0 Fixed in: 1.34.3

Fix pip install --upgrade 'koji>=1.34.3'

PyPI / koji

Introduced in: 0 Fixed in: 1.33.2

Fix pip install --upgrade 'koji>=1.33.2'

References

https://nvd.nist.gov/vuln/detail/CVE-2024-9427 [ADVISORY]
https://access.redhat.com/security/cve/CVE-2024-9427 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=2316047 [WEB]
https://docs.pagure.org/koji/CVEs/CVE-2024-9427 [WEB]
https://pagure.io/koji [PACKAGE]
https://pagure.io/koji/c/8c72d90d7bb991f8fb193851b80847ac9e9474a4?branch=master [WEB]