Impact
This vulnerability could have allowed an attacker to include arbitrary HTML content in search results by having a user search a malicious project. This was due to our search client not correctly escaping all user content from search results. You can find more information in the advisory published in our readthedocs.org repo.
This is an internal dependency managed by Read the Docs, users of Read the Docs (readthedocs.org/readthedocs.com) do not need to take any further action to update this dependency.
This issue was discovered by a member of our team, and we have seen no signs that this vulnerability was exploited in the wild.
Patches
This issue has been patched in our 0.9.3 version.
References
For more information
If you have any questions or comments about this advisory, email us at [email protected] (PGP)
Impact
This vulnerability could have allowed an attacker to include arbitrary HTML content in search results by having a user search a malicious project. This was due to our search client not correctly escaping all user content from search results. You can find more information in the advisory published in our readthedocs.org repo.
This is an internal dependency managed by Read the Docs, users of Read the Docs (readthedocs.org/readthedocs.com) do not need to take any further action to update this dependency.
This issue was discovered by a member of our team, and we have seen no signs that this vulnerability was exploited in the wild.
Patches
This issue has been patched in our 0.9.3 version.
References
For more information
If you have any questions or comments about this advisory, email us at [email protected] (PGP)