FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-09-18 07:05:22 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
eb437e17-66a1-11ef-ac08-75165d18d8d2	forgejo -- The scope of application tokens was not verified when writing containers or Conan packages. The forgejo team reports: The scope of application tokens was not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the package:write scope will now fail with an unauthorized error. It must be re-created to include the package:write scope. Discovery 2024-08-26 Entry 2024-08-30 forgejo < 8.0.2 https://codeberg.org/forgejo/forgejo/pulls/5149
a5e13973-6c75-11ef-858b-23eeba13701a	forgejo -- multiple vulnerabilities Problem Description: Replace v-html with v-text in search inputbox Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo. Discovery 2024-09-03 Entry 2024-09-06 forgejo < 8.0.3 forgejo7 < 7.0.9 CVE-2024-43788 https://codeberg.org/forgejo/forgejo/milestone/8231

VuXML ID

Description

eb437e17-66a1-11ef-ac08-75165d18d8d2

forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.

The forgejo team reports:

The scope of application tokens was not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the package:write scope will now fail with an unauthorized error. It must be re-created to include the package:write scope.

Discovery 2024-08-26
Entry 2024-08-30
forgejo

< 8.0.2

https://codeberg.org/forgejo/forgejo/pulls/5149

a5e13973-6c75-11ef-858b-23eeba13701a

forgejo -- multiple vulnerabilities

Problem Description:

Replace v-html with v-text in search inputbox
Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo.

Discovery 2024-09-03
Entry 2024-09-06
forgejo

< 8.0.3

forgejo7

< 7.0.9

CVE-2024-43788
https://codeberg.org/forgejo/forgejo/milestone/8231