Go modules package
github.com/woodpecker-ci/woodpecker
pkg:golang/github.com/woodpecker-ci/woodpecker
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40034 | — | >= 1.0.0, < 1.0.2 | 1.0.2 | Aug 16, 2023 | Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and c | ||
| CVE-2022-29947 | — | < 0.15.1 | 0.15.1 | Apr 29, 2022 | Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. |
- CVE-2023-40034Aug 16, 2023affected >= 1.0.0, < 1.0.2fixed 1.0.2
Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and c
- CVE-2022-29947Apr 29, 2022affected < 0.15.1fixed 0.15.1
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.