GHSA-PPF8-HHPP-F5HJ Hugo Markdown titles do not escaped in internal render hooks

Impact Title argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files. Patches Patched in v0.125.3. Workarounds Replace with user defined templates or disable the internal...

CVE-2024-32875 vulnerabilities

Vulnerabilities for packages: hugo-extended...

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVE-2024-32875 vulnerabilities

Vulnerabilities for packages: hugo-extended...

DEBIAN-CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

UBUNTU-CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVE-2024-32875

Hugo static site generator vulnerability CVE-2024-32875 affects versions prior to 0.125.3 (starting in 0.123.0). The issue is that title arguments in Markdown for links and images were not escaped in internal render hooks, potentially impacting users who have these hooks enabled and do not trust ...

CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

Hugo 安全漏洞

Gohugoio Hugo is a framework from the Gohugoio community based on the Go language for rapid generation of static sites. A security vulnerability exists in Hugo versions prior to v0.123.0, which stems from Markdown headers not being escaped in internal rendering hooks...

USN-6744-1 pillow vulnerability

Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a deni...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: pulumi-language-java, helm, kubeflow-katib, kind, slsa-verifier, kubernetes-csi-livenessprobe, cortex, rqlite, metacontroller, memcached-exporter, external-dns, flux-notification-controller, grype, nodetaint, nghttp2, minio, conftest, aactl, flux-source-controller,...

[SECURITY] [DLA 3420-1] golang-websocket security update

Debian LTS Advisory DLA-3420-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 14, 2023 https://wiki.debian.org/LTS Package : golang-websocket Version : 1.4.0-1+deb10u1 CVE ID : CVE-2020-27813 An integer overflow vulnerability exists in golang-websocket, a Go...

Fedora: Security Advisory for hugo (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: hugo-0.93.3-6.fc36

Hugo is a static HTML and CSS website generator written in Go. It is optimized for speed, easy use and configurability. Hugo takes a directory with content and templates and renders them into a full HTML website...

[SECURITY] Fedora 35 Update: golang-github-gohugoio-testmodbuilder-0-0.10.20201030git72e1e0c.fc35

Some helper scripts used for Hugo testing...

Fedora: Security Advisory for golang-github-gohugoio-testmodbuilder (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...