Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/AlexxIT/go2rtc: GHSA-rh4r-f7f7-r99m #3053

Closed
GoVulnBot opened this issue Aug 5, 2024 · 2 comments
Closed

x/vulndb: potential Go vuln in github.com/AlexxIT/go2rtc: GHSA-rh4r-f7f7-r99m #3053

GoVulnBot opened this issue Aug 5, 2024 · 2 comments
Labels
triaged

Comments

@GoVulnBot
Copy link

Advisory GHSA-rh4r-f7f7-r99m references a vulnerability in the following Go modules:

Module
github.com/AlexxIT/go2rtc

Description:
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (index.html) shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item (name) gets appended using innerHTML. In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc’s origin.

References:

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/AlexxIT/go2rtc
      versions:
        - fixed: 1.9.0
      vulnerable_at: 1.8.5
summary: gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc
cves:
    - CVE-2024-29193
ghsas:
    - GHSA-rh4r-f7f7-r99m
references:
    - advisory: https://github.com/advisories/GHSA-rh4r-f7f7-r99m
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-29193
    - fix: https://github.com/AlexxIT/go2rtc/commit/3b3d5b033aac3a019af64f83dec84f70ed2c8aba
    - web: https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc
source:
    id: GHSA-rh4r-f7f7-r99m
    created: 2024-08-05T22:04:45.504530264Z
review_status: UNREVIEWED
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/603715 mentions this issue: data/reports: add 20 unreviewed reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/603716 mentions this issue: data/reports: add 19 unreviewed reports

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tatianab @gopherbot @GoVulnBot