Advisory #47
TitleRefined GitHub cross-site scripting via links in documents
CVE IDCVE-2021-34364
VendorRefined GitHub Maintainers
Affected productRefined GitHub
Affected versions- 21.6.1
Vulnerability typeCWE-79 (Cross-site Scripting)
DescriptionRefined GitHub has a vulnerability that allows a malicious link to inject arbitrary HTMLs. NOTE: This vulnerability is mitigated by GitHub's strict CSP.
StatusFixed in 21.6.8
RecommendationUpdate to 21.6.8 or above