CVE-2024-39610: FitNesse Cross-site scripting

November 15, 2024 (updated November 20, 2024)

Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.

References

fitnesse.org/FitNesseDownload
github.com/advisories/GHSA-pg82-9w35-3w3r
github.com/unclebob/fitnesse
github.com/unclebob/fitnesse/releases/tag/20241026
jvn.jp/en/jp/JVN36791327
nvd.nist.gov/vuln/detail/CVE-2024-39610

Code Behaviors & Features

Detect and mitigate CVE-2024-39610 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →