Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zM2d2LXJ2Z3EtZ3B4cM4AAxNL

Withdrawn Advisory: HTML injections in BTCPayServer

Withdrawn Advisory

This advisory has been withdrawn because all of the files affected by this vulnerability lie in the BTCPayServer folder, which is not in the NuGet ecosystem. The BTCPayServer folder, corresponding to the BTCPayServer NuGet entry, does not contain any files that were changed to fix the vulnerability.

Original Description

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.

Permalink: https://github.com/advisories/GHSA-33gv-rvgq-gpxp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zM2d2LXJ2Z3EtZ3B4cM4AAxNL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 5 months ago

Withdrawn: 6 months ago

CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-33gv-rvgq-gpxp, CVE-2023-0493
References: Repository: https://github.com/btcpayserver/btcpayserver

Affected Packages

nuget:BTCPayServer.Client
Dependent packages: 0
Dependent repositories: 0
Downloads: 36,620 total
Affected Version Ranges: < 1.7.5
Fixed in: 1.7.5
All affected versions: 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4
All unaffected versions: