fix: sanitize message in notification component #2664

Merged: csarnataro merged 2 commits into main from fix-security-in-notification-component on Mar 24, 2025

@csarnataro

Collaborator

Motivation

A Cross Site Scripting vulnerability has been found in the notification component.

Change description

We're fixing the issue by sanitising the message before showing it in the notification popup.

Other information

Reviewer checklist

  • PR addresses a single concern.
  • The PR has no duplicates (please search among the Pull Requests before creating one)
  • PR title and description are properly filled.
  • Docs have been added / updated (for bug fixes / features)

@rhpco rhpco left a comment

This fix resolves the CVE-2025-27608, as described in the advisory available at GHSA-252h-4j5q-88pc.

@csarnataro csarnataro merged commit d298b3f into main Mar 24, 2025
@csarnataro csarnataro deleted the fix-security-in-notification-component branch March 24, 2025 11:42