Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01ampxLThjdmotdjZtOc4AA5Xi
Cross-site Scripting in Serenity
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
Permalink: https://github.com/advisories/GHSA-5jjq-8cvj-v6m9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01ampxLThjdmotdjZtOc4AA5Xi
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: 2 months ago
Identifiers: GHSA-5jjq-8cvj-v6m9, CVE-2024-26318
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-26318
- https://serenity.is/docs/release-notes/6.8.0
- https://github.com/advisories/GHSA-5jjq-8cvj-v6m9
Affected Packages
npm:@serenity-is/corelib
Dependent packages: 2Dependent repositories: 4
Downloads: 900 last month
Affected Version Ranges: < 6.8.0
Fixed in: 6.8.0
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 6.1.0, 6.1.1, 6.1.4, 6.1.7, 6.1.8, 6.1.9, 6.2.0, 6.2.5, 6.2.9, 6.3.0, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.3.15, 6.4.0, 6.4.2, 6.4.3, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.2, 6.5.4, 6.6.0, 6.6.3, 6.6.5, 6.6.6, 6.7.2, 6.7.3, 6.7.4, 6.7.5, 6.7.6
All unaffected versions: 6.8.0, 6.8.1, 6.8.2, 6.8.3, 6.9.0, 6.9.2, 6.9.3, 6.9.5, 6.9.6, 8.0.0, 8.0.1, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.9, 8.1.5, 8.2.0, 8.2.2, 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.7, 8.3.8, 8.3.9, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.4.5, 8.4.6
nuget:Serenity.Net.Core
Dependent packages: 0Dependent repositories: 0
Downloads: 259,537 total
Affected Version Ranges: < 6.8.0
Fixed in: 6.8.0
All affected versions: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.0.23, 5.0.24, 5.0.25, 5.0.26, 5.0.27, 5.0.28, 5.0.29, 5.0.30, 5.0.31, 5.0.32, 5.0.33, 5.0.34, 5.0.35, 5.0.36, 5.0.37, 5.0.38, 5.0.39, 5.0.40, 5.0.41, 5.0.42, 5.0.43, 5.0.44, 5.0.45, 5.0.46, 5.0.47, 5.0.48, 5.0.49, 5.0.50, 5.0.51, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.7.0, 6.7.1, 6.7.2, 6.7.5, 6.7.6
All unaffected versions: 6.8.0, 6.8.1, 6.8.2, 6.8.3, 6.9.0, 6.9.1, 6.9.2, 6.9.3, 6.9.4, 6.9.5, 6.9.6, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.2.0, 8.2.1, 8.2.2, 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.3.7, 8.3.8, 8.3.9, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.4.5, 8.4.6