Vulnerability Report: GO-2024-2747
- CVE-2024-32875, GHSA-ppf8-hhpp-f5hj
- Affects: github.com/gohugoio/hugo
- Published: Jun 04, 2024
- Modified: Jul 19, 2024
Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo
For detailed information about this vulnerability, visit https://github.com/gohugoio/hugo/security/advisories/GHSA-ppf8-hhpp-f5hj.
Affected Packages
-
PathGo VersionsSymbols
-
from v0.123.0 before v0.125.3all symbols
Aliases
References
- https://github.com/gohugoio/hugo/security/advisories/GHSA-ppf8-hhpp-f5hj
- https://github.com/gohugoio/hugo/commit/15a4b9b33715887001f6eff30721d41c0d4cfdd1
- https://github.com/gohugoio/hugo/releases/tag/v0.125.3
- https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault
- https://vuln.go.dev/ID/GO-2024-2747.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.