Upstream information

CVE-2024-32875 at MITRE

Description

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The issue is patched in v0.125.3. As a workaround, replace the templates with user defined templates or disable the internal templates.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1223309 [IN_PROGRESS]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Tue Apr 23 16:00:06 2024
CVE page last modified: Wed May 29 21:41:00 2024