Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zM2d2LXJ2Z3EtZ3B4cM4AAxNL
Withdrawn Advisory: HTML injections in BTCPayServer
Withdrawn Advisory
This advisory has been withdrawn because all of the files affected by this vulnerability lie in the BTCPayServer folder, which is not in the NuGet ecosystem. The BTCPayServer folder, corresponding to the BTCPayServer NuGet entry, does not contain any files that were changed to fix the vulnerability.
Original Description
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
Permalink: https://github.com/advisories/GHSA-33gv-rvgq-gpxp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zM2d2LXJ2Z3EtZ3B4cM4AAxNL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 5 months ago
Withdrawn: 6 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-33gv-rvgq-gpxp, CVE-2023-0493
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-0493
- https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a
- https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f
- http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html
- https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a
- https://github.com/advisories/GHSA-33gv-rvgq-gpxp
Affected Packages
nuget:BTCPayServer.Client
Dependent packages: 0
Dependent repositories: 0
Downloads: 36,620 total
Affected Version Ranges: < 1.7.5
Fixed in: 1.7.5
All affected versions: 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4
All unaffected versions: