Log in Sign up KO

—

PYSEC-2021-30

Details

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / octoprint

Introduced in: 0 Fixed in: 1.6.0

Fix pip install --upgrade 'octoprint>=1.6.0'

References

https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0 [WEB]
https://www.brzozowski.io [WEB]
https://octoprint.org/blog/2021/04/27/new-release-1.6.0/ [ARTICLE]
https://github.com/advisories/GHSA-vcx4-fpmp-mvv6 [ADVISORY]