blob: 2aa3473857913277483a7e8ad0f1b8897dc45833 [file] [log] [blame]
id: GO-TEST-ID
modules:
- module: github.com/drakkan/sftpgo
versions:
- fixed: 2.3.5
summary: SFTPGo WebClient vulnerable to Cross-site Scripting
description: |-
### Impact Cross-site scripting (XSS) vulnerabilities have been reported to
affect SFTPGo WebClient. If exploited, this vulnerability allows remote
attackers to inject malicious code.
### Patches Fixed in v2.3.5.
cves:
- CVE-2022-39220
ghsas:
- GHSA-cf7g-cm7q-rq7f
references:
- advisory: https://github.com/drakkan/sftpgo/security/advisories/GHSA-cf7g-cm7q-rq7f
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-39220
- fix: https://github.com/drakkan/sftpgo/commit/cbef217cfa92478ee8e00ba1a5fb074f8a8aeee0
notes:
- lint: 'description: possible markdown formatting (found ### )'
- lint: 'modules[0] "github.com/drakkan/sftpgo": version 2.3.5 does not exist'
- lint: 'references: too many advisories (found 2, want <=1)'
- lint: 'summary: must contain an affected module or package path (e.g. "github.com/drakkan/sftpgo")'