Go modules package
github.com/gitpod-io/gitpod
pkg:golang/github.com/gitpod-io/gitpod
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-21583 | Med | 4.1 | <= 0.8.0 | — | Jul 19, 2024 | Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/p | |
| CVE-2023-32766 | — | < 2022.11.3 | 2022.11.3 | Jun 5, 2023 | Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). |
- affected <= 0.8.0
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/p
- CVE-2023-32766Jun 5, 2023affected < 2022.11.3fixed 2022.11.3
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).