gollum
RubyGems3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting gollumpage 1 of 1
- CVE-2014-9489HIGHCVSS 8.8EG 8.8✓ Fixed in 3.1.12017-10-17
vulnerable: 1.0.0 ... 3.1.0 (66 versions)
The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrar…
- CVE-2015-7314NONECVSS 0.0EG 0.0✓ Fixed in 4.0.12015-10-06
vulnerable: 1.0.0 ... 4.0.0 (70 versions)
The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.
- CVE-2020-35305MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.1.22022-07-15
vulnerable: 5.0.0, 5.0.1, 5.1, 5.1.1
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
Check whether gollum is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for gollum CVEs against the assets you own.
Start Free Scan →