Go modules package
github.com/csaf-poc/csaf_distribution
pkg:golang/github.com/csaf-poc/csaf_distribution
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-43996 | — | < 0.8.2 | 0.8.2 | Dec 13, 2022 | The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser |
- CVE-2022-43996Dec 13, 2022affected < 0.8.2fixed 0.8.2
The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser