First published: Tue Apr 23 2024(Updated: )
### Impact Title argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files. ### Patches Patched in v0.125.3. ### Workarounds Replace with user defined templates or disable the internal templates: https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault ### References https://github.com/gohugoio/hugo/releases/tag/v0.125.3
Credit: security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/gohugoio/hugo | >=0.123.0<0.125.3 | 0.125.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.