3 matches found
GO-2026-5919 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder
Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder...
GHSA-7QW2-F75V-62F7 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component
Summary The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Note:...
Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component
Summary The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Note:...