Closed andrster closed 3 years ago
Hi @andrster, no need to be sorry. Can you help me with more information around the security issue?
BR Fredrik
https://nextcloud.com/security/advisory/?id=NC-SA-2021-005. This should provide more info, but Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in OC.Notification.show.
Hi @andrster, maybe I'm missing something, but I'm not familiar with Nextcloud and I don't understand how a security issue with Nextcloud Server has anything to do with godog.
A question on our Slack community was raised about a security issue with "cobra", are those related?
Hey @lonnblad, not sure about the Nextcloud security issue but there is another one detected by WhiteSource:
Whitesource has detected the usage of a vulnerable library github.com/cucumber/gherkin-go/v11-358b64f0b76efbd07590532f6f02f4667d28f9f9
Hi @sergiughf, thanks!! Do you know if that is solved in a later version of gherkin-go?
I honestly don't know :) as I'm not able to run WhiteSource manually on demand; it's automated and the check reruns only after a PR merge.
OK, I will check with the gherkin-go maintainers :)
Thank you @lonnblad! Much appreciated :)
@sergiughf I created a new issue #382 for the WhiteSource gherkin-go issue.
Sorry for asking, it's just that there is a security issue in 0.11 related to Nextcloud.