[GHSA-mw8w-q3f7-2v85] Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS) #7160

Merged
advisory-database[bot] merged 1 commit into stefanprodan/advisory-improvement-7160 from stefanprodan-GHSA-mw8w-q3f7-2v85
Mar 16, 2026

@stefanprodan
Updates

  • Affected products
  • CVSS v3
  • CVSS v4

Comments
CVE fixed in https://github.com/stefanprodan/podinfo/releases/tag/6.11.1

Copilot AI review requested due to automatic review settings March 14, 2026 13:42
@github-actions github-actions bot changed the base branch from main to stefanprodan/advisory-improvement-7160 March 14, 2026 13:43
Copilot AI left a comment

Pull request overview

This PR updates the GHSA advisory record for GHSA-mw8w-q3f7-2v85 (Podinfo arbitrary file upload leading to stored XSS), aiming to reflect updated affected versions and scoring information.

Changes:

  • Removes the populated top-level severity entries (CVSS v3.1/v4.0) and replaces them with an empty array.
  • Updates the affected range to use a fixed event at 6.11.1 and adds database_specific.last_known_affected_version_range.
  • Bumps the modified timestamp.

@stefanprodan
Author

Removes the populated top-level severity entries (CVSS v3.1/v4.0) and replaces them with an empty array.

This looks like a form submission bug; I only added the version with the fix.
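
A check for the regression discussed above, as an added example that is not part of this PR or of the advisory database's own tooling: it compares an advisory record before and after an update and reports dropped severity entries and unusual version bounds. The records are constructed samples in OSV layout (scores, timestamps and the range string are placeholders), and `review_advisory_update` is a hypothetical name.

```python
# Constructed OSV-format records; scores, timestamps and the range string are placeholders.
BEFORE = {
    "id": "GHSA-mw8w-q3f7-2v85",
    "modified": "2026-03-01T00:00:00Z",
    "severity": [{"type": "CVSS_V3", "score": "<v3.1 vector>"},
                 {"type": "CVSS_V4", "score": "<v4.0 vector>"}],
    "affected": [{"ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}]}]}],
}
AFTER = {
    "id": "GHSA-mw8w-q3f7-2v85",
    "modified": "2026-03-14T00:00:00Z",
    "severity": [],
    "affected": [{
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "6.11.1"}]}],
        "database_specific": {"last_known_affected_version_range": "<placeholder>"},
    }],
}


def review_advisory_update(before, after):
    """Return findings a reviewer should confirm before merging the update."""
    findings = []
    # Severity entries present before but absent after (the dropped-CVSS case).
    old = {s["type"] for s in before.get("severity", [])}
    new = {s["type"] for s in after.get("severity", [])}
    findings += [f"severity {t} removed" for t in sorted(old - new)]
    for i, aff in enumerate(after.get("affected", [])):
        events = [e for r in aff.get("ranges", []) for e in r.get("events", [])]
        has_fixed = any("fixed" in e for e in events)
        lkav = aff.get("database_specific", {}).get("last_known_affected_version_range")
        if not has_fixed and not lkav:
            findings.append(f"affected[{i}] has no upper bound")
        # Assumption: two upper bounds on one entry deserve a second look.
        if has_fixed and lkav:
            findings.append(f"affected[{i}] has both fixed and last_known_affected_version_range")
    # RFC 3339 UTC strings in the same format sort chronologically.
    if after.get("modified", "") <= before.get("modified", ""):
        findings.append("modified timestamp not advanced")
    return findings


if __name__ == "__main__":
    for finding in review_advisory_update(BEFORE, AFTER):
        print(finding)
```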

@advisory-database advisory-database bot merged commit ed7081c into stefanprodan/advisory-improvement-7160 Mar 16, 2026
7 of 8 checks passed
@advisory-database
Contributor

Hi @stefanprodan! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

@advisory-database advisory-database bot deleted the stefanprodan-GHSA-mw8w-q3f7-2v85 branch March 16, 2026 12:26