/
PYSEC-2022-246.yaml
55 lines (55 loc) · 1.07 KB
/
PYSEC-2022-246.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
id: PYSEC-2022-246
details: Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava
prior to 1.22.3.
affected:
- package:
name: fava
ecosystem: PyPI
purl: pkg:pypi/fava
ranges:
- type: GIT
repo: https://github.com/beancount/fava
events:
- introduced: "0"
- fixed: 68bbb6e39319deb35ab9f18d0b6aa9fa70472539
- type: ECOSYSTEM
events:
- introduced: "0"
- fixed: 1.22.3
versions:
- 0.0.0
- "1.10"
- "1.11"
- "1.12"
- "1.13"
- "1.14"
- "1.15"
- "1.16"
- "1.17"
- "1.18"
- "1.19"
- "1.20"
- 1.20.1
- "1.21"
- "1.22"
- 1.22.1
- 1.22.2
- "1.3"
- "1.4"
- "1.5"
- "1.6"
- "1.7"
- "1.8"
- "1.9"
references:
- type: WEB
url: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08
- type: FIX
url: https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539
- type: ADVISORY
url: https://github.com/advisories/GHSA-6hcj-qrw3-m66q
aliases:
- CVE-2022-2589
- GHSA-6hcj-qrw3-m66q
modified: "2022-08-05T03:26:17.915953Z"
published: "2022-08-01T15:15:00Z"