Mirror of https://git.yoctoproject.org/poky (synced 2026-06-21 13:54:22 +02:00)
CVE-2025-11687:
A flaw was found in gi-docgen. This vulnerability allows arbitrary JavaScript execution in the
context of the page — enabling DOM access, session cookie theft and other client-side attacks — via
a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-11687]
Upstream patch:
[c53d2640bf]
(From OE-Core rev: 76c1f08fadad94098bd265d662eb5a0408c95efc)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
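
The commit message names the bug class (a `q` GET parameter reflected into the page) but this page does not show the patched code. The sketch below is an added illustration, not gi-docgen's code and not the upstream patch: it contrasts echoing `q` into markup by string concatenation with escaping it first, and includes a check usable as a regression test. All function names, the heading markup and the sample URL are assumptions made for the example.

```javascript
// Added illustration; hypothetical names, not gi-docgen's code.

// Read the search term from the page URL, as a client-side search page would.
// searchParams.get() returns the percent-decoded value.
function getQuery(href) {
  return new URL(href).searchParams.get("q") || "";
}

// Vulnerable pattern: the decoded parameter is concatenated into markup,
// so any tags it carries become part of the document when assigned to innerHTML.
function renderHeadingUnsafe(q) {
  return '<h3>Results for "' + q + '"</h3>';
}

// Hardened pattern: encode the five HTML-significant characters before the
// value reaches markup. In a browser, assigning to textContent is the
// simpler equivalent when no markup is needed at all.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function renderHeadingSafe(q) {
  return '<h3>Results for "' + escapeHtml(q) + '"</h3>';
}

// Regression check: apart from the expected <h3> wrapper, does the rendered
// string open any element, closing tag or comment?
function introducesMarkup(html) {
  const inner = html.replace(/^<h3>/, "").replace(/<\/h3>$/, "");
  return /<[a-zA-Z\/!]/.test(inner);
}

// Constructed sample: a harmless marker element stands in for attacker markup.
const SAMPLE_URL =
  "https://docs.example.invalid/index.html?q=" +
  encodeURIComponent('<i id="probe">x</i>');

const q = getQuery(SAMPLE_URL);
console.log("unsafe:", renderHeadingUnsafe(q), introducesMarkup(renderHeadingUnsafe(q)));
console.log("safe:  ", renderHeadingSafe(q), introducesMarkup(renderHeadingSafe(q)));
```
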