decidim-meetings 0.29.0.rc2
1 security vulnerability found in version 0.29.0.rc2
decidim-meetings: Cross-site scripting vulnerability in the online or hybrid meeting embeds
Severity: high
CVE-2024-45594
Patched versions: ~> 0.28.3, >= 0.29.0
Unaffected versions: < 0.28.0
Impact
The meeting embeds feature used in online or hybrid meetings is subject to a potential XSS attack through a malformed URL.
Workarounds
Disable the creation of meetings by participants in the meeting component.
References
OWASP ASVS v4.0.3-5.1.3
Credits
This issue was discovered in a security audit organized by mitgestalten Partizipationsbüro against Decidim. The security audit was implemented by the Austrian Institute of Technology.
No officially reported memory leakage issues detected for this gem version.
No license issues detected: this gem version has a license in the gemspec.
This gem version is available: it has not been yanked and can still be used.