Updated advisory posts against rubysec/ruby-advisory-db@7b6de19

jasnow · RubySec CI · commit 1cbb352c772d · 2024-10-03T00:07:43.000Z
diff --git a/advisories/_posts/2024-10-01-CVE-2024-41673.md b/advisories/_posts/2024-10-01-CVE-2024-41673.md
@@ -0,0 +1,43 @@
+---
+layout: advisory
+title: 'CVE-2024-41673 (decidim): Decidim has a cross-site scripting vulnerability
+  in the version control page'
+comments: false
+categories:
+- decidim
+advisory:
+  gem: decidim
+  cve: 2024-41673
+  ghsa: cc4g-m3g7-xmw8
+  url: https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8
+  title: Decidim has a cross-site scripting vulnerability in the version control page
+  date: 2024-10-01
+  description: |
+    ### Impact
+
+    The version control feature used in resources is subject to potential
+    cross-site scripting (XSS) attack through a malformed URL.
+
+    ### Workarounds
+
+    Not available
+
+    ### References
+
+    OWASP ASVS v4.0.3-5.1.3
+
+    ### Credits
+
+    This issue was discovered in a security audit organized by
+    [Open Source Politics](https://opensourcepolitics.eu/)
+    against Decidim done during July 2025.
+  cvss_v3: 7.1
+  patched_versions:
+  - ">= 0.27.8"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-41673
+    - https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8
+    - https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637
+    - https://github.com/advisories/GHSA-cc4g-m3g7-xmw8
+---
