Upstream information
Description
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The issue is patched in v0.125.3. As a workaround, replace the templates with user defined templates or disable the internal templates.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
SUSE Bugzilla entry: 1223309 [IN_PROGRESS] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Apr 23 16:00:06 2024CVE page last modified: Fri Apr 26 16:40:02 2024