plone.restapi@8.32.4 vulnerabilities

plone.restapi is a RESTful hypermedia API for Plone.

Direct Vulnerabilities

Known vulnerabilities in the plone.restapi package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Cross-site Scripting (XSS)

plone.restapi is a RESTful hypermedia API for Plone.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization of SVG image in user portrait. To exploit the vulnerability, an attacker would first need to upload an SVG image as user portrait, and then trick a user into following a link to this portrait.

Note

A page that uses an image tag with an SVG image as a source is never vulnerable.

How to fix Cross-site Scripting (XSS)?

Upgrade plone.restapi to version 8.43.3 or higher.

[8.0.0,8.43.3)