CVE-2023-1496
MEDIUM5.4EPSS 39.8%imgproxy Cross-site Scripting vulnerability in github.com/imgproxy/imgproxy
發布日:2023/3/19修改日:2026/3/3
描述
imgproxy Cross-site Scripting vulnerability in github.com/imgproxy/imgproxy
受影響套件(4)
- Go/github.com/imgproxy/imgproxyfrom 0
- Go/github.com/imgproxy/imgproxy/v2from 0
- Go/github.com/imgproxy/imgproxy/v3from 0, < 3.14.0
- Go/github.com/imgproxy/imgproxy/v3from 0, < 3.14.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
參考連結(5)
- ADVISORYhttps://github.com/advisories/GHSA-ch9g-x9j7-rcgp
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-1496
- PATCHhttps://github.com/imgproxy/imgproxy
- WEBhttps://github.com/imgproxy/imgproxy/commit/62f8d08a93d301285dcd1dabcc7ba10c6c65b689
- WEBhttps://huntr.dev/bounties/de603972-935a-401a-96fb-17ddadd282b2