Control characters were not removed when exporting user...
Moderate severity
Unreviewed
Published
Jun 20, 2023
to the GitHub Advisory Database
•
Updated Jan 12, 2024
Description
Published by the National Vulnerability Database
Jun 20, 2023
Published to the GitHub Advisory Database
Jun 20, 2023
Last updated
Jan 12, 2024
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.
References