RubyGems package
gollum
pkg:gem/gollum
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-35305 | — | | | >= 5.0, < 5.1.2 | 5.1.2 | Jul 15, 2022 | Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. |
| CVE-2014-9489 | High | 8.8 | | < 3.1.1 | 3.1.1 | Oct 17, 2017 | The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-page |
| CVE-2015-7314 | — | | | < 4.0.1 | 4.0.1 | Oct 6, 2015 | The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. |