402 matches found
CVE-2020-26284
Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...
Design/Logic Flaw
Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...
CVE-2020-26284 Hugo can execute a binary from the current directory on Windows
Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...
CVE-2020-26284
CVE-2020-26284 affects Hugo (Go-based SSG) where, before v0.79.1, Hugo uses Go’s os/exec and will invoke a malicious executable if a file named after a common Windows binary (exe or bat) exists in the current working directory when Hugo runs. This can allow an attacker to execute arbitrary code o...
CVE-2020-26284
Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...
Gohugoio Hugo Operating System Command Injection Vulnerability
Gohugoio Hugo is a framework from the Gohugoio community based on the Go language for rapid generation of static sites. An operating system command injection vulnerability exists in Hugo versions prior to 0.79.1, which stems from the fact that if a malicious file exe or bat of the same name is...
hugo-info.de Cross Site Scripting vulnerability OBB-1429396
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Fedora 30 : caddy / etcd / hugo (2020-279c61dd70)
"Rebuilt to fix GHSA-jf24-p9p9-4rjh Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Fedora Security Advisory FEDORA-2020-279c61dd70. include"compat.inc"; if description scriptid134130; scriptversion"1.1"; scriptcvsdate"Date: 2020/02/28";...
Fedora 31 : golang-vitess / hugo (2020-bd764dd275)
"Rebuilt to fix GHSA-jf24-p9p9-4rjh Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Fedora Security Advisory FEDORA-2020-bd764dd275. include"compat.inc"; if description scriptid134140; scriptversion"1.1"; scriptcvsdate"Date: 2020/02/28";...
Fedora: Security Advisory for hugo (FEDORA-2020-279c61dd70)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for hugo (FEDORA-2020-bd764dd275)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 31 Update: hugo-0.59.1-2.fc31~bootstrap
Hugo is a static HTML and CSS website generator written in Go. It is optimized for speed, easy use and configurability. Hugo takes a directory with content and templates and renders them into a full HTML website...
[SECURITY] Fedora 30 Update: hugo-0.55.6-2.fc30
Hugo is a static HTML and CSS website generator written in Go. It is optimized for speed, easy use and configurability. Hugo takes a directory with content and templates and renders them into a full HTML website...
hugo-jupyter (>=0.2.1 <=0.3.0), ipynb-path (>=0.1.2 <=0.1.3) +3 more potentially affected by CVE-2018-21030 via notebook (>=4.2.3 <=5.4.1)
notebook PYPI version =4.2.3, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-21030 Source advisory: OSV:GHSA-JQWC-JM56-WCWJ...
hugo-jupyter (>=0.2.1 <=0.3.0), ipynb-path (>=0.1.2 <=0.1.3) +3 more potentially affected by CVE-2018-21030 via notebook (>=4.2.3 <=5.4.1)
notebook PYPI version =4.2.3, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-21030 Source advisory: OSV:PYSEC-2019-157...
biobb-io (>=0.0.1 <=0.0.8), biobb-model (>=0.0.1 <=0.0.10) +6 more potentially affected by CVE-2017-16876 via mistune (>=0.7.3 <=0.7.4)
mistune PYPI version =0.7.3, =0.0.1, =0.0.1, =0.0.6, =0.2.1, =2.2.20170208112505, =0.1.0, =0.1.2, =0.3.2 Source cves: CVE-2017-16876 Source advisory: OSV:GHSA-98GJ-WWXM-CJ3H...
fairing (>=0.0.2 <=0.0.3), hugo-jupyter (>=0.2.1 <=0.3.0) +6 more potentially affected by CVE-2018-19351 via notebook (>=4.2.3 <=5.7.0)
notebook PYPI version =4.2.3, =0.0.2, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-19351 Source advisory: OSV:GHSA-49QR-XH3W-H436...
fairing (>=0.0.2 <=0.0.3), hugo-jupyter (>=0.2.1 <=0.3.0) +6 more potentially affected by CVE-2018-19351 via notebook (>=4.2.3 <=5.7.0)
notebook PYPI version =4.2.3, =0.0.2, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-19351 Source advisory: OSV:PYSEC-2018-17...
django-sftp (=0.1.0), hugo-jupyter (>=0.2.1 <=0.3.0) potentially affected by CVE-2018-1000805 via paramiko (=2.2.1)
paramiko PYPI version =2.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on paramiko and may be impacted: - django-sftp =0.1.0 - hugo-jupyter =0.2.1, =0.3.0 Source cves: CVE-2018-1000805 Source advisory: OSV:GHSA-F2J6-WRHH-V25M...
django-sftp (=0.1.0), hugo-jupyter (>=0.2.1 <=0.3.0) potentially affected by CVE-2018-7750 via paramiko (=2.2.1)
paramiko PYPI version =2.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on paramiko and may be impacted: - django-sftp =0.1.0 - hugo-jupyter =0.2.1, =0.3.0 Source cves: CVE-2018-7750 Source advisory: OSV:GHSA-232R-66CG-79PX...