CVE-2024-32979

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32979

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32979.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-32979

Aliases

GHSA-jxgr-gcj5-cqqg

Related

GHSA-jxgr-gcj5-cqqg

Published

2024-05-01T11:15:47Z

Modified

2025-01-08T16:04:10.330608Z

Summary

[none]

Details

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/nautobot/nautobot

Affected ranges

Type: GIT
Repo: https://github.com/nautobot/nautobot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

42440ebd9b381534ad89d62420ebea00d703d64e

Fixed

42440ebd9b381534ad89d62420ebea00d703d64e

Affected versions

v1.*

v1.0.0

v1.0.0a1

v1.0.0a2

v1.0.0b1

v1.0.0b2

v1.0.0b3

v1.0.0b4

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.0b1

v1.1.0b2

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.2

v1.2.0

v1.2.0b1

v1.2.1

v1.2.10

v1.2.11

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3

v1.3.0

v1.3.0-beta.1

v1.3.1

v1.3.10

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.0-alpha.1

v1.4.0-alpha.2

v1.4.0-beta.1

v1.4.0-rc.1

v1.4.1

v1.4.10

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v1.5.0

v1.5.0-beta.1

v1.5.1

v1.5.10

v1.5.11

v1.5.12

v1.5.13

v1.5.14

v1.5.15

v1.5.16

v1.5.17

v1.5.18

v1.5.19

v1.5.2

v1.5.20

v1.5.21

v1.5.22

v1.5.23

v1.5.24

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.5.9

v1.6.0

v1.6.0-rc.1

v1.6.1

v1.6.2

v2.*

v2.0.0

v2.0.0-alpha.1

v2.0.0-alpha.2

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-rc.1

v2.0.0-rc.2

v2.0.0-rc.3

v2.0.0-rc.4

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.2.0

v2.2.0-beta.1

v2.2.1

v2.2.2