Medium severity 5.4 · NVD Advisory · Published Dec 24, 2024 · Updated Apr 15, 2026
CVE-2024-9427
Description
A vulnerability was found in Koji. Unsanitized input allows for an XSS attack: JavaScript code from a malicious link could be reflected in the resulting web page. It is not expected that an action can be submitted or a change made in Koji, due to existing XSS protections in the code.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| koji (PyPI) | >= 1.35.0, < 1.35.1 | 1.35.1 |
| koji (PyPI) | >= 1.34.0, < 1.34.3 | 1.34.3 |
| koji (PyPI) | < 1.33.2 | 1.33.2 |
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-g2vg-8hfg-79vj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-9427 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2024-9427 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- docs.pagure.org/koji/CVEs/CVE-2024-9427 (ghsa, WEB)
- pagure.io/koji (ghsa, PACKAGE)
- pagure.io/koji/c/8c72d90d7bb991f8fb193851b80847ac9e9474a4 (ghsa, WEB)