Vulnerability	Vulnerable Version
M Improper Encoding or Escaping of Output koji is a system for building and tracking RPMS. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper user input sanitization. How to fix Improper Encoding or Escaping of Output? Upgrade `koji` to version 1.33.2, 1.34.3, 1.35.1 or higher.	[,1.33.2)[1.34.0,1.34.3)[1.35.0,1.35.1)
H Directory Traversal koji is a system for building and tracking RPMS. Affected versions of this package are vulnerable to Directory Traversal due to insufficient upload path validation. An attacker with credentials could choose an arbitrary destination for the uploaded file, resulting with Privilege Escalation. Note: the legacy-py24 branch is unaffected since it is client-only (no hub) How to fix Directory Traversal? Upgrade `koji` to version 1.14.3, 1.15.3, 1.16.3, 1.17.1, 1.18.1 or higher.	[,1.14.3)[1.15.0,1.15.3)[1.16.0,1.16.3)[1.17.0,1.17.1)[1.18.0,1.18.1)

Improper Encoding or Escaping of Output

koji is a system for building and tracking RPMS.

Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper user input sanitization.

How to fix Improper Encoding or Escaping of Output?

Upgrade koji to version 1.33.2, 1.34.3, 1.35.1 or higher.

[,1.33.2)[1.34.0,1.34.3)[1.35.0,1.35.1)

Directory Traversal

koji is a system for building and tracking RPMS.

Affected versions of this package are vulnerable to Directory Traversal due to insufficient upload path validation. An attacker with credentials could choose an arbitrary destination for the uploaded file, resulting with Privilege Escalation.

Note: the legacy-py24 branch is unaffected since it is client-only (no hub)

How to fix Directory Traversal?

Upgrade koji to version 1.14.3, 1.15.3, 1.16.3, 1.17.1, 1.18.1 or higher.

[,1.14.3)[1.15.0,1.15.3)[1.16.0,1.16.3)[1.17.0,1.17.1)[1.18.0,1.18.1)

Go back to all versions of this package