Search criteria
3 vulnerabilities found for poddycast by electronjs
FKIE_CVE-2021-32772
Vulnerability from fkie_nvd - Published: 2021-08-03 15:15 - Updated: 2024-11-21 06:07
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | poddycast | 0.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:poddycast:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "790DD050-D6E1-43E9-9C5E-980E28B2424E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1."
},
{
"lang": "es",
"value": "Poddycast es una aplicaci\u00f3n de podcast hecha con Electron. Anterior a versi\u00f3n 0.8.1, un atacante puede crear un podcast o episodio con caracteres maliciosos y ejecutar comandos en la m\u00e1quina cliente. La aplicaci\u00f3n no limpia los caracteres HTML de la informaci\u00f3n del podcast obtenida del Feed, lo que permite la inyecci\u00f3n de c\u00f3digo HTML y JS (cross-site scripting). Al tratarse de una aplicaci\u00f3n realizada en electron, el ataque de tipo cross-site scripting puede escalar a la ejecuci\u00f3n de c\u00f3digo remota, haciendo posible la ejecuci\u00f3n de comandos en la m\u00e1quina donde se ejecuta la aplicaci\u00f3n. La vulnerabilidad est\u00e1 parcheada en la versi\u00f3n 0.8.1 de Poddycast"
}
],
"id": "CVE-2021-32772",
"lastModified": "2024-11-21T06:07:42.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-03T15:15:08.503",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-32772 (GCVE-0-2021-32772)
Vulnerability from cvelistv5 – Published: 2021-08-03 14:15 – Updated: 2024-08-03 23:33
VLAI?
Title
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in helper_entries
Summary
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MrChuckomo | poddycast |
Affected:
< 0.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poddycast",
"vendor": "MrChuckomo",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-03T14:15:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80"
}
],
"source": {
"advisory": "GHSA-wjmh-9fj2-rqh6",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in helper_entries",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32772",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in helper_entries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "poddycast",
"version": {
"version_data": [
{
"version_value": "\u003c 0.8.1"
}
]
}
}
]
},
"vendor_name": "MrChuckomo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6",
"refsource": "CONFIRM",
"url": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6"
},
{
"name": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14",
"refsource": "MISC",
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14"
},
{
"name": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285",
"refsource": "MISC",
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285"
},
{
"name": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80",
"refsource": "MISC",
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80"
}
]
},
"source": {
"advisory": "GHSA-wjmh-9fj2-rqh6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32772",
"datePublished": "2021-08-03T14:15:13",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:56.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32772 (GCVE-0-2021-32772)
Vulnerability from nvd – Published: 2021-08-03 14:15 – Updated: 2024-08-03 23:33
VLAI?
Title
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in helper_entries
Summary
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MrChuckomo | poddycast |
Affected:
< 0.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "poddycast",
"vendor": "MrChuckomo",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-03T14:15:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80"
}
],
"source": {
"advisory": "GHSA-wjmh-9fj2-rqh6",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in helper_entries",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32772",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in helper_entries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "poddycast",
"version": {
"version_data": [
{
"version_value": "\u003c 0.8.1"
}
]
}
}
]
},
"vendor_name": "MrChuckomo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6",
"refsource": "CONFIRM",
"url": "https://github.com/MrChuckomo/poddycast/security/advisories/GHSA-wjmh-9fj2-rqh6"
},
{
"name": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14",
"refsource": "MISC",
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/favorite.js#L4-L14"
},
{
"name": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285",
"refsource": "MISC",
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/feed.js#L285"
},
{
"name": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80",
"refsource": "MISC",
"url": "https://github.com/MrChuckomo/poddycast/blob/8d31daa5cee04a389ec35f974959ea3fe4638be9/app/js/helper/helper_entries.js#L80"
}
]
},
"source": {
"advisory": "GHSA-wjmh-9fj2-rqh6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32772",
"datePublished": "2021-08-03T14:15:13",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:56.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}