PYSEC-2024-16

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nautobot/PYSEC-2024-16.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2024-16
Aliases
Published
2024-01-23T00:15:00Z
Modified
2024-01-29T20:56:26.690801Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.

References

Affected packages

PyPI / nautobot

Package

Name
nautobot
View open source insights on deps.dev
Purl
pkg:pypi/nautobot

Affected ranges

Type
GIT
Repo
https://github.com/nautobot/nautobot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
17effcbe84a72150c82b138565c311bbee357e80
Fixed
64312a4297b5ca49b6cdedf477e41e8e4fd61cce
Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.1.2
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.10

Affected versions

1.*

1.0.0a1
1.0.0a2
1.0.0b1
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.7
1.4.8
1.4.9
1.4.10
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.20
1.5.21
1.5.22
1.5.23
1.5.24
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0b1
2.1.0
2.1.1