GHSA-83pm-7v48-5jp4: rdiffweb vulnerable to Special Element Injection

In rdiffweb prior to 2.5.5, characters in the SSH key name are not sanitised, which could allow an attacker to inject a hyperlink and redirect a victim to malicious websites.


Moderate severity • GitHub Reviewed • Published Dec 27, 2022 • Updated Dec 30, 2022

Related news

CVE-2022-4721: Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection in rdiffweb

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5.
