Race Condition

Overview github.com/xyproto/algernon/engine is a Affected versions of this package are vulnerable to Race Condition. in the handle process due to the sync.RWMutex being released before L.Push and L.PCall execute. An attacker can cause Lua VM corruption or unpredictable server behavior by making...

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the engine/flags.go process, which causes the SSE event server to bind to all network interfaces by default on Linux and macOS. An attacker can access sensitive event data by connecting to the...

CVE-2023-26131

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possibl...

Cross site scripting

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possibl...