Security Advisories

CVE-2024-32875

Published

Last updated

https://nvd.nist.gov/vuln/detail/CVE-2024-32875

Severity

6.1

Medium

CVSS V3

Summary

Hugo Markdown titles do not escaped in internal render hooks

Description

Impact

Title argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files.

Patches

Patched in v0.125.3.

Workarounds

Replace with user defined templates or disable the internal templates: https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault

References

https://github.com/gohugoio/hugo/releases/tag/v0.125.3

References

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-32875

Severity

Summary

Description

Impact

Patches

Workarounds

References

References

Affected packages

Product

Why Chainguard

Why Chainguard

Customers

Customers

Company

Company

Resources

Resources