​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-c8mw-2r5f-43qx

Published

Last updated

https://images.chainguard.dev/security/CGA-c8mw-2r5f-43qx
Package

argo-workflows

Latest Update
Fixed
Fixed Version

3.6.0-r0

Aliases
  • CVE-2024-47875
  • GHSA-gx9m-whjm-85jf

Severity

10.0

Critical

CVSS V3

Summary

DOMpurify has a nesting-based mXSS

Description

DOMpurify was vulnerable to nesting-based mXSS

fixed by 0ef5e537 (2.x) and merge 943

Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking

POC is avaible under test

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation