{ "schema_version": "1.4.0", "id": "GHSA-33gv-rvgq-gpxp", "modified": "2023-10-10T21:18:09Z", "published": "2023-01-27T00:30:18Z", "withdrawn": "2023-10-10T21:18:09Z", "aliases": [ "CVE-2023-0493" ], "summary": "Withdrawn Advisory: HTML injections in BTCPayServer", "details": "## Withdrawn Advisory\nThis advisory has been withdrawn because all of the files affected by this vulnerability lie in the [BTCPayServer folder](https://github.com/btcpayserver/btcpayserver/tree/master/BTCPayServer), which is not in the NuGet ecosystem. The [BTCPayServer folder](https://github.com/btcpayserver/btcpayserver/tree/master/BTCPayServer.Client), corresponding to the [BTCPayServer NuGet entry](https://www.nuget.org/packages/BTCPayServer.Client), does not contain any files that were changed to fix the vulnerability.\n\n## Original Description\nImproper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "affected": [ { "package": { "ecosystem": "NuGet", "name": "BTCPayServer.Client" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.7.5" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0493" }, { "type": "WEB", "url": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a" }, { "type": "WEB", "url": "https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a" }, { "type": "WEB", "url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html" } ], "database_specific": { "cwe_ids": [ "CWE-74", "CWE-76" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-02-04T00:30:29Z", "nvd_published_at": "2023-01-26T23:15:00Z" } }