Closed
Description
In GitHub Security Advisory GHSA-9v4v-9fj5-p982, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/answerdev/answer | 1.0.6 | < 1.0.6 |
Cross references:
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-65px-4cpf-697r #1541 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-4cwh-8w4g-jxxh #1550 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-hjmr-xm25-36mh #1551 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-p7wj-c85f-xq9h #1552 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-qx34-47fc-vv79 #1553 NOT_IMPORTABLE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-rmw8-7823-wp7f #1554 EFFECTIVELY_PRIVATE
- Module github.com/answerdev/answer appears in issue x/vulndb: potential Go vuln in github.com/answerdev/answer: GHSA-6cvf-m58q-h9wf #1592 NOT_IMPORTABLE
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/answerdev/answer
versions:
- fixed: 1.0.6
packages:
- package: github.com/answerdev/answer
description: Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer
prior to 1.0.6.
cves:
- CVE-2023-1237
ghsas:
- GHSA-9v4v-9fj5-p982
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2023-1237
- fix: https://github.com/answerdev/answer/commit/0566894a2c0e13cf07d877f41467e2e21529fee8
- web: https://huntr.dev/bounties/cc2aa618-05da-495d-a5cd-51c40557d481
- advisory: https://github.com/advisories/GHSA-9v4v-9fj5-p982