data/reports/GO-2024-3314.yaml - vulndb - Git at Google

 id: GO-2024-3314
 modules:
     - module: github.com/gohugoio/hugo
       versions:
         - introduced: 0.123.0
         - fixed: 0.139.4
       vulnerable_at: 0.139.3
 summary: |-
     Hugo does not escape some attributes in internal templates in
     github.com/gohugoio/hugo
 cves:
     - CVE-2024-55601
 ghsas:
     - GHSA-c2xf-9v2r-r2rx
 references:
     - advisory: https://github.com/gohugoio/hugo/security/advisories/GHSA-c2xf-9v2r-r2rx
     - fix: https://github.com/gohugoio/hugo/commit/54398f8d572c689f9785d59e907fd910a23401b0
     - web: https://github.com/gohugoio/hugo/releases/tag/v0.139.4
     - web: https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault
 source:
     id: GHSA-c2xf-9v2r-r2rx
     created: 2024-12-10T16:09:55.455438-05:00
 review_status: REVIEWED
	id: GO-2024-3314
	modules:
	- module: github.com/gohugoio/hugo
	versions:
	- introduced: 0.123.0
	- fixed: 0.139.4
	vulnerable_at: 0.139.3
	summary: \|-
	Hugo does not escape some attributes in internal templates in
	github.com/gohugoio/hugo
	cves:
	- CVE-2024-55601
	ghsas:
	- GHSA-c2xf-9v2r-r2rx
	references:
	- advisory: https://github.com/gohugoio/hugo/security/advisories/GHSA-c2xf-9v2r-r2rx
	- fix: https://github.com/gohugoio/hugo/commit/54398f8d572c689f9785d59e907fd910a23401b0
	- web: https://github.com/gohugoio/hugo/releases/tag/v0.139.4
	- web: https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault
	source:
	id: GHSA-c2xf-9v2r-r2rx
	created: 2024-12-10T16:09:55.455438-05:00
	review_status: REVIEWED