XSS in markdown descriptions in directives and groups

Low

amousset published GHSA-88vr-f5c3-5jr8

Jul 11, 2023

Package

rudder-webapp (rudder)

Affected versions

< 6.0.7

>= 6.1.0, < 6.1.1

Patched versions

6.0.7

6.1.1

Description

Impact

Possible XSS in markdown description of groupes and directives.

Patches

#3060

This bug has been fixed in Rudder 6.0.7 and 6.1.1 which were released on 2020/07/03.

Workarounds

None.

References

#17641 on the bug tracker