CVE-2023-0493 – btcpayserver.client

Package

Manager: nuget
Name: btcpayserver.client
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: N/A

EPSS: 0.01092 pctl0.77119

Details

Withdrawn Advisory: HTML injections in BTCPayServer ## Withdrawn Advisory This advisory has been withdrawn because all of the files affected by this vulnerability lie in the [BTCPayServer folder](https://github.com/btcpayserver/btcpayserver/tree/master/BTCPayServer), which is not in the NuGet ecosystem. The [BTCPayServer folder](https://github.com/btcpayserver/btcpayserver/tree/master/BTCPayServer.Client), corresponding to the [BTCPayServer NuGet entry](https://www.nuget.org/packages/BTCPayServer.Client), does not contain any files that were changed to fix the vulnerability. ## Original Description Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.

Metadata

Created: 2023-01-27T00:30:18Z
Modified: 2023-10-10T21:18:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-33gv-rvgq-gpxp/GHSA-33gv-rvgq-gpxp.json
CWE IDs: ["CWE-74", "CWE-76"]
Alternative ID: GHSA-33gv-rvgq-gpxp
Finding: N/A
Auto approve: 0