GlobalLeaks has insufficient URL validation in user support API

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.

N/A

输入验证不恰当

globaleaks-whistleblowing-software 输入验证错误漏洞

globaleaks-whistleblowing-software是GLOBALEAKS开源的一个匿名举报平台搭建软件。 globaleaks-whistleblowing-software 5.0.89之前版本存在输入验证错误漏洞，该漏洞源于对用户提交的支持请求验证不足，可能导致支持邮件中包含任意URL。

N/A

N/A