Cross-site scripting in Login functionality (`GHSL-2024-128`)

High
ryanmelt published GHSA-vfj8-5pj7-2f9g Oct 2, 2024

Package

bundler openc3 (RubyGems)

Affected versions

< 5.19.0

Patched versions

5.19.0

Description

Summary

The login functionality contains a reflected cross-site scripting (XSS) vulnerability.

Note: This CVE affects only the Open Source Edition, not OpenC3 COSMOS Enterprise Edition.

Impact

This issue may lead to Remote Code Execution (RCE).

Severity

High

CVE ID

CVE-2024-43795

Weaknesses

Credits