decidim-meetings 0.29.0.rc2

1 security vulnerability found in version 0.29.0.rc2

decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds

high severity CVE-2024-45594
high severity CVE-2024-45594
Patched versions: ~> 0.28.3, >= 0.29.0
Unaffected versions: < 0.28.0

Impact

The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL.

Workarounds

Disable the creation of meetings by participants in the meeting component.

References

OWASP ASVS v4.0.3-5.1.3

Credits

This issue was discovered in a security audit organized by mitgestalten Partizipationsbüro against Decidim. The security audit was implemented by the Austrian Institute of Technology.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.