This project forked from fossabot/gpushover
gpushover: Go wrapper for the Pushover API.
Home Page: https://github.com/johnsonjh/gpushover
License: MIT License
gpushover's Introduction
Go wrapper for the Pushover API.
gpushover's Issues
CVE-2021-22878 - Medium Severity Vulnerability
Vulnerable Library - github.com/modern-go/reflect2-1.0.1
reflect api without runtime reflect.Value cost
Dependency Hierarchy:
- github.com/json-iterator/go-v1.1.10 (Root Library)
  - ❌ github.com/modern-go/reflect2-1.0.1 (Vulnerable Library)
Found in HEAD commit: 1c052b55a5929df9e589f74ecff87479bedc4943
Found in base branch: master
Vulnerability Details
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in OC.Notification.show.
Publish Date: 2021-03-03
URL: CVE-2021-22878
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: High
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: Low
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://nextcloud.com/security/advisory/?id=NC-SA-2021-005
Release Date: 2021-03-03
Fix Resolution: v20.0.6
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
Detected dependencies
gomod
go.mod
go 1.17
github.com/johnsonjh/leaktestfe v0.0.0-20230308203709-32b9101894df@32b9101894df
github.com/json-iterator/go v1.1.12
go4.org v0.0.0-20230225012048-214862532bf5@214862532bf5