Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4OXctaGNjbS0yNjV4
Inline attribute values were not processed.
Impact
Inline attributes were not escaped.
If data that came from users was not processed, an XSS vulnerability is possible.
Patches
Fixed in 9.4.4
Permalink: https://github.com/advisories/GHSA-589w-hccm-265x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4OXctaGNjbS0yNjV4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago
CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Identifiers: GHSA-589w-hccm-265x, CVE-2020-15263
References:
- https://github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-265x
- https://github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707f0e7d82169
- https://nvd.nist.gov/vuln/detail/CVE-2020-15263
- https://github.com/advisories/GHSA-589w-hccm-265x
Blast Radius: 18.2
Affected Packages
packagist:orchid/platform
Dependent packages: 55
Dependent repositories: 186
Downloads: 1,796,033 total
Affected Version Ranges: >= 9.0.0, < 9.4.4
Fixed in: 9.4.4
All affected versions: 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.1.0, 9.1.1, 9.2.0, 9.3.0, 9.4.0, 9.4.1, 9.4.2, 9.4.3
All unaffected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 0.0.12, 0.0.13, 0.0.14, 0.0.15, 0.0.16, 0.0.17, 0.0.18, 0.0.19, 0.0.20, 0.0.21, 0.0.22, 0.0.23, 0.0.24, 0.0.25, 0.0.26, 0.0.27, 0.0.28, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.14, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.2.0, 3.2.1, 3.2.2, 3.3.3, 3.3.4, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.8.0, 3.8.1, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, 3.10.6, 3.11.0, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.6.3, 4.7.0, 4.7.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.2.0, 6.3.0, 6.3.1, 6.3.2, 6.4.0, 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.6.0, 6.7.0, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 6.7.5, 6.7.6, 6.8.0, 6.8.1, 6.8.2, 6.8.3, 6.8.4, 6.8.5, 6.8.6, 6.9.0, 6.10.0, 6.10.1, 6.10.2, 6.11.0, 6.11.1, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.3.0, 7.4.0, 7.5.0, 7.5.1, 7.5.2, 7.6.0, 7.6.1, 7.6.2, 7.7.0, 7.7.1, 7.8.0, 7.9.0, 7.10.0, 7.10.1, 7.10.2, 7.10.3, 7.11.0, 7.11.1, 7.11.2, 7.11.3, 7.12.0, 7.12.1, 7.13.0, 7.14.0, 7.14.1, 7.15.0, 7.16.0, 7.17.0, 7.17.1, 7.17.2, 7.17.3, 7.17.4, 7.18.0, 8.0.0, 8.0.1, 8.0.2, 8.1.0, 8.2.0, 8.2.1, 8.2.2, 8.3.0, 8.3.1, 8.4.0, 8.5.0, 8.5.1, 9.4.4, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 
9.6.0, 9.7.0, 9.7.1, 9.7.2, 9.7.3, 9.7.4, 9.8.0, 9.8.1, 9.8.2, 9.9.0, 9.9.1, 9.9.2, 9.10.0, 9.10.1, 9.11.0, 9.11.1, 9.11.2, 9.12.0, 9.12.1, 9.13.0, 9.14.0, 9.14.1, 9.14.2, 9.14.3, 9.14.4, 9.14.5, 9.14.6, 9.15.0, 9.15.1, 9.15.2, 9.16.0, 9.16.1, 9.17.0, 9.17.1, 9.18.0, 9.18.1, 9.19.0, 9.19.1, 9.19.2, 9.19.3, 9.19.4, 9.19.5, 9.19.6, 9.19.7, 9.19.8, 9.20.0, 9.20.1, 9.21.0, 10.0.0, 10.0.1, 10.0.2, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.2.0, 10.2.1, 10.3.0, 10.4.0, 10.4.1, 10.4.2, 10.5.0, 10.5.1, 10.5.2, 10.6.0, 10.6.1, 10.6.2, 10.6.3, 10.7.0, 10.7.1, 10.8.0, 10.8.1, 10.8.2, 10.9.0, 10.10.0, 10.11.0, 10.12.0, 10.12.1, 10.12.2, 10.13.0, 10.14.0, 10.14.1, 10.15.0, 10.16.0, 10.17.0, 10.18.0, 10.18.1, 10.19.0, 10.19.1, 10.19.2, 10.20.0, 10.20.1, 10.21.0, 10.22.0, 10.22.1, 10.23.0, 10.24.0, 10.25.0, 10.25.1, 10.25.2, 10.25.3, 10.26.0, 10.26.1, 10.27.0, 10.27.1, 10.27.2, 10.28.0, 10.29.0, 10.30.0, 10.31.0, 11.0.0, 11.0.1, 12.0.0, 12.1.0, 12.2.0, 12.2.1, 12.2.2, 12.3.0, 12.3.1, 12.3.2, 12.4.0, 12.4.1, 12.4.2, 12.4.3, 12.4.4, 12.4.5, 12.5.0, 12.6.0, 12.6.1, 12.6.2, 13.0.0, 13.0.1, 13.0.2, 13.1.0, 13.2.0, 13.3.0, 13.4.0, 13.5.0, 13.6.0, 13.6.1, 13.7.0, 13.7.1, 13.8.0, 13.9.0, 13.9.1, 13.9.2, 13.9.3, 13.9.4, 13.10.0, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.1.0, 14.1.1, 14.2.0, 14.2.1, 14.3.0, 14.4.0, 14.5.0, 14.6.0, 14.7.0, 14.8.0, 14.8.1, 14.9.0, 14.9.1, 14.10.0, 14.11.0, 14.12.0, 14.12.1, 14.12.2, 14.13.0, 14.14.0, 14.15.0, 14.16.0, 14.17.0, 14.17.1, 14.18.0, 14.18.1, 14.19.0, 14.20.0, 14.21.0, 14.21.1, 14.22.0, 14.22.1, 14.23.0, 14.23.1, 14.24.0, 14.25.0, 14.25.1, 14.25.2, 14.25.3, 14.26.0, 14.26.1, 14.27.0, 14.27.1, 14.27.2, 14.28.0, 14.28.1, 14.28.2, 14.30.0, 14.30.1, 14.30.2, 14.31.0, 14.31.1, 14.31.2, 14.32.0, 14.33.0, 14.33.1, 14.34.0, 14.35.1, 14.36.0, 14.36.1, 14.36.2, 14.37.0, 14.38.0, 14.39.0, 14.40.0, 14.41.0, 14.42.0, 14.43.0, 14.43.1