Skip to content

Commit 7b6de19

Browse files
jasnowpostmodern
jasnow
and
postmodern
authored
GHSA SYNC: 2 brand new advisories (#822)
--------- Co-authored-by: Postmodern <[email protected]>
1 parent 7efe0d9 commit 7b6de19

File tree

1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed

gems/decidim/CVE-2024-41673.yml

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
---
2+
gem: decidim
3+
cve: 2024-41673
4+
ghsa: cc4g-m3g7-xmw8
5+
url: https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8
6+
title: Decidim has a cross-site scripting vulnerability in the version control page
7+
date: 2024-10-01
8+
description: |
9+
### Impact
10+
11+
The version control feature used in resources is subject to potential
12+
cross-site scripting (XSS) attack through a malformed URL.
13+
14+
### Workarounds
15+
16+
Not available
17+
18+
### References
19+
20+
OWASP ASVS v4.0.3-5.1.3
21+
22+
### Credits
23+
24+
This issue was discovered in a security audit organized by
25+
[Open Source Politics](https://opensourcepolitics.eu/)
26+
against Decidim done during July 2025.
27+
cvss_v3: 7.1
28+
patched_versions:
29+
- ">= 0.27.8"
30+
related:
31+
url:
32+
- https://nvd.nist.gov/vuln/detail/CVE-2024-41673
33+
- https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8
34+
- https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637
35+
- https://github.com/advisories/GHSA-cc4g-m3g7-xmw8

0 commit comments

Comments
 (0)