CVE-2021-43288

Source
https://cve.org/CVERecord?id=CVE-2021-43288
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43288.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-43288
Published
2022-04-14T13:15:11.460Z
Modified
2025-11-14T12:34:02.456559Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

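An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. The CVSS vector above (UI:R, S:C) is consistent with stored cross-site scripting: the planted script would take effect only when a user opens the affected report, in that user's browser. Because the description bounds the issue to releases before 21.3.0, servers on the versions listed below should be upgraded to 21.3.0 or later, and content reported by agents should be treated as untrusted on those earlier releases.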

References

Affected packages

Git / github.com/gocd/gocd

Affected ranges

Type
GIT
Repo
https://github.com/gocd/gocd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

14.*

14.2.0
14.3.0
14.4.0

15.*

15.1.0
15.2.0
15.3.0
15.3.1

16.*

16.1.0
16.10.0
16.11.0
16.12.0
16.2.0
16.3.0
16.4.0
16.5.0
16.6.0
16.7.0
16.8.0
16.9.0

17.*

17.1.0
17.10.0
17.11.0
17.12.0
17.2.0
17.3.0
17.4.0
17.5.0
17.6.0
17.7.0
17.8.0
17.9.0

18.*

18.1.0
18.10.0
18.11.0
18.12.0
18.2.0
18.3.0
18.4.0
18.5.0
18.6.0
18.7.0
18.8.0
18.9.0

19.*

19.1.0
19.10.0
19.11.0
19.12.0
19.2.0
19.3.0
19.4.0
19.5.0
19.6.0
19.7.0
19.8.0
19.9.0

20.*

20.1.0
20.10.0
20.2.0
20.3.0
20.4.0
20.5.0
20.6.0
20.7.0
20.8.0
20.9.0

21.*

21.1.0
21.2.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4",
        "signature_type": "Line",
        "target": {
            "file": "common/src/test/java/com/thoughtworks/go/domain/FolderDirectoryEntryTest.java"
        },
        "id": "CVE-2021-43288-132f8abb",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "41130404282318150981389390619315329558",
                "117417995383817804647042997548096880401",
                "339481908839719685303323831546175213824",
                "185696123082887796366643922406931954908",
                "140962149972854787697455876797272875024",
                "172268737465801296500107483293618244501"
            ]
        }
    },
    {
        "source": "https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4",
        "signature_type": "Function",
        "target": {
            "function": "content",
            "file": "common/src/main/java/com/thoughtworks/go/server/presentation/html/HtmlElement.java"
        },
        "id": "CVE-2021-43288-17fee504",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "277832213749086550094602471120368985873",
            "length": 79.0
        }
    },
    {
        "source": "https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4",
        "signature_type": "Line",
        "target": {
            "file": "common/src/main/java/com/thoughtworks/go/domain/DirectoryEntries.java"
        },
        "id": "CVE-2021-43288-8ad89d5c",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "198270681855997635050275658244298040909",
                "92694157782684808310545017511849568516",
                "159073927930292031138447366549011488720",
                "177899793082831555105634838780035529231"
            ]
        }
    },
    {
        "source": "https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4",
        "signature_type": "Line",
        "target": {
            "file": "common/src/main/java/com/thoughtworks/go/domain/FolderDirectoryEntry.java"
        },
        "id": "CVE-2021-43288-b126524f",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "119410508526062846899070262397994851315",
                "30735711512745886265326382857562123540",
                "273540969283561134716709162127965113682",
                "176275089518117490442390096014503045418"
            ]
        }
    },
    {
        "source": "https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4",
        "signature_type": "Line",
        "target": {
            "file": "common/src/main/java/com/thoughtworks/go/server/presentation/html/HtmlElement.java"
        },
        "id": "CVE-2021-43288-b5dab9ba",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "312044316349043762132660748309941610253",
                "256637536371406419586597220985411684489",
                "333124841869036422491056056007801561635",
                "235771309604204505386534889221782206700",
                "50947427936912875553634603336562278676",
                "117681936723556710923454445676841017941",
                "177432775209488317237403144805652479666",
                "211145546446505473087097954992567901577",
                "54553599175285427904195511061305691940",
                "44321068693799336148783371705659211925",
                "222000082690613801919619545979750701695"
            ]
        }
    },
    {
        "source": "https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4",
        "signature_type": "Line",
        "target": {
            "file": "common/src/main/java/com/thoughtworks/go/domain/FileDirectoryEntry.java"
        },
        "id": "CVE-2021-43288-c932b981",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "236366784861235243515631465874348738547",
                "294165472048635542858226235474378532441",
                "29744849027231144714792298547525138320",
                "252194360484237263014059727769367591571"
            ]
        }
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43288.json"