漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Hugo doesn't escape markdown title in internal render hooks
Vulnerability Description
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The issue is patched in v0.125.3. As a workaround, replace the templates with user defined templates or disable the internal templates.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Vulnerability Title
Hugo 安全漏洞
Vulnerability Description
Gohugoio Hugo是Gohugoio社区的一款基于Go语言用于快速生成静态站点的框架。 Hugo v0.123.0之前版本存在安全漏洞,该漏洞源于Markdown 标题未在内部渲染挂钩中转义。
CVSS Information
N/A
Vulnerability Type
N/A