Gupta-Kartik

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions 3.3.0 through 2019.10.4 **Description** The issue allows an authenticated user with PackagePush permission to upload a maliciously crafted package. This can trigger an exception that exposes underlying operating system details. **Recommendations** For versions 3.3.0 through 2019.10.4, update to a version that contains a fix for this issue to prevent the upload of malicious packages and exposure of operating system details.

**Name of the Vulnerable Software and Affected Versions** Octopus Server versions 3.4.0 through 2019.10.5 **Description** A persistent cross-site scripting (XSS) issue allows remote authenticated attackers to inject arbitrary web script or HTML. **Recommendations** For versions 3.4.0 through 2019.10.5, update to a version later than 2019.10.5 to resolve the issue.