Skip to main content

Gollum

3 CVEs product

Monthly

CVE-2020-35305 Ruby MEDIUM PATCH This Month

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gollum
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2014-9489 Ruby HIGH PATCH This Week

The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Gollum Gollum Lib Grit Adapter
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2015-7314 Ruby MEDIUM PATCH This Month

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gollum
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gollum
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Authentication Bypass Gollum +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gollum
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy