Gollum Project » Gollum : Security Vulnerabilities, CVEs,

CVE-2020-35305

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
Max CVSS
6.1
EPSS Score
0.11%
Published
2022-07-15
Updated
2022-07-21

CVE-2015-7314

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.
Max CVSS
4.3
EPSS Score
0.50%
Published
2015-10-06
Updated
2015-10-07

CVE-2014-9489

The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.
Max CVSS
8.8
EPSS Score
0.47%
Published
2017-10-17
Updated
2017-11-08
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close