PYSEC-2022-35
Details
Weblate is a copyleft, web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in the user name and language fields. Because of this improper neutralization, cross-site scripting via these fields is possible. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralization logic.
Is my version affected?
Enter the package version you are using for an immediate assessment.
Affected package
PyPI / weblate
First affected version: 0
Fixed in commit: f6753a1a1c63fade6ad418fbda827c6750ab0bda (fixed)
pip install --upgrade 'weblate>=4.11'
References
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6jp6-9rf9-gc66 [ADVISORY]
- https://github.com/WeblateOrg/weblate/commit/f6753a1a1c63fade6ad418fbda827c6750ab0bda [FIX]
- https://github.com/WeblateOrg/weblate/commit/9e19a8414337692cc90da2a91c9af5420f2952f1 [FIX]
- https://github.com/WeblateOrg/weblate/commit/22d577b1f1e88665a88b4569380148030e0f8389 [FIX]