CVE-2022-43996
The CVE-2022-43996 issue concerns the csaf_provider package before 0.8.2, where an XSS vulnerability arises when a CSAF document is uploaded as text/html. The upload endpoint accepts valid CSAF advisories (JSON) with Content-Type text/html and filenames ending in .html; when accessed in a browser...