VDB
GO-2024-3314
GO-2024-3314
PUBLISHED
Hugo does not escape some attributes in internal templates in github.com/gohugoio/hugo
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | gohugoio/hugo | 0.123.0, 0.123.0 |
Timeline
- Dec 10, 2024 CVE Published
- Mar 3, 2026 CVE Updated
References
- https://github.com/gohugoio/hugo/security/advisories/GHSA-c2xf-9v2r-r2rx advisory
- https://github.com/gohugoio/hugo/commit/54398f8d572c689f9785d59e907fd910a23401b0 patch
- https://github.com/gohugoio/hugo/releases/tag/v0.139.4 url
- https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault url