CVE-2019-12047

Name of the Vulnerable Software and Affected Versions Gridea version 0.8.0

Description The issue allows for arbitrary code execution through an XSS vulnerability. This can be achieved by calling the Nodejs module, as demonstrated by the use of child process.exec and the substring <img src=# onerror='eval(new Buffer(.

Recommendations For Gridea version 0.8.0, consider disabling the child process.exec function until a patch is available to prevent arbitrary code execution. Restrict access to the Nodejs module to minimize the risk of exploitation. Avoid using the eval function in the onerror attribute of the img tag until the issue is resolved.