Moderate severityNVD Advisory· Published May 11, 2021· Updated Aug 3, 2024
CVE-2021-32561
CVE-2021-32561
Description
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
OctoPrintPyPI | < 1.6.0 | 1.6.0 |
Affected products
2- OctoPrint/OctoPrintdescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-vcx4-fpmp-mvv6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32561ghsaADVISORY
- github.com/OctoPrint/OctoPrint/releases/tag/1.6.0ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yamlghsaWEB
- octoprint.org/blog/2021/04/27/new-release-1.6.0ghsaWEB
- octoprint.org/blog/2021/04/27/new-release-1.6.0/mitrex_refsource_MISC
- www.brzozowski.ioghsaWEB
- www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.