Gollum Project

gollum_project

3 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-35305 1Gollum Project 1Gollum Nov 21, 2024 Jul 15, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
CVE-2014-9489 1Gollum Project 3Gollum Gollum LibGrit Adapter May 13, 2026 Oct 17, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users...Show more The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.Show less
CVE-2015-7314 1Gollum Project 1Gollum May 6, 2026 Oct 6, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.