{"url":"http://public2.vulnerablecode.io/api/packages/373021?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@1.80.0-v2.20.0.20240731122110-189505c80fa6","type":"golang","namespace":"github.com/zitadel","name":"zitadel","version":"1.80.0-v2.20.0.20240731122110-189505c80fa6","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.80.0-v2.20.0.20240731122357-a1d24353db4d","latest_non_vulnerable_version":"4.15.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57495?format=json","vulnerability_id":"VCID-fgmg-fb51-fqc3","summary":"Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to missing output sanitization, these emails could include malicious code. This could allow an unprivileged attacker to send out altered notifications that are part of the registration processes. An attacker could create a malicious link, where the injected code would be rendered as part of the email. On the user's detail page, the username was also not sanitized and would also render HTML, exposing the same vulnerability there. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by most email clients and the Content Security Policy in Console UI. 
This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8, 2.53.9, and 2.52.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41953","reference_id":"","reference_type":"","scores":[{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85952","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.86001","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41953"},{"reference_url":"https://github.com/zitadel/zitadel","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zitadel/zitadel"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41953","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41953"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-3015","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2024-3015"},{"reference_url":"https://github.com/zitadel/zitadel/commit/0e1f99e987b5
851caec45a72660fe9f67e425747","reference_id":"0e1f99e987b5851caec45a72660fe9f67e425747","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/commit/0e1f99e987b5851caec45a72660fe9f67e425747"},{"reference_url":"https://github.com/zitadel/zitadel/commit/38da602ee1cfc35c0d7918c298fbfc3f3674133b","reference_id":"38da602ee1cfc35c0d7918c298fbfc3f3674133b","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/commit/38da602ee1cfc35c0d7918c298fbfc3f3674133b"},{"reference_url":"https://github.com/zitadel/zitadel/commit/4b59cac67bb89c1f3f84a2041dd273d11151d29f","reference_id":"4b59cac67bb89c1f3f84a2041dd273d11151d29f","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"htt
ps://github.com/zitadel/zitadel/commit/4b59cac67bb89c1f3f84a2041dd273d11151d29f"},{"reference_url":"https://github.com/zitadel/zitadel/commit/c1a3fc72dde16e987d8a09aa291e7c2edfc928f7","reference_id":"c1a3fc72dde16e987d8a09aa291e7c2edfc928f7","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/commit/c1a3fc72dde16e987d8a09aa291e7c2edfc928f7"},{"reference_url":"https://github.com/zitadel/zitadel/commit/c353f82f89c6982c0888c6763363296cf4263cb2","reference_id":"c353f82f89c6982c0888c6763363296cf4263cb2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/commit/c353f82f89c6982c0888c6763363296cf4263cb2"},{"reference_url":"https://github.com/zitadel/zitadel/commit/d04ac6df8f2f0243e649b802a8bfa6176cef0923","reference_id":"d04ac6df8f2f0243e649b802a8bfa6176cef0923","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual",
"scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/commit/d04ac6df8f2f0243e649b802a8bfa6176cef0923"},{"reference_url":"https://github.com/zitadel/zitadel/commit/f846616a3f022e88e3ea8cea05d3254ad86f1615","reference_id":"f846616a3f022e88e3ea8cea05d3254ad86f1615","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/commit/f846616a3f022e88e3ea8cea05d3254ad86f1615"},{"reference_url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-v333-7h2p-5fhv","reference_id":"GHSA-v333-7h2p-5fhv","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-v333-7h2p-5fhv"},{"reference_url":"https://github.com/zitadel/zitadel/releases/tag/v2.52.3","reference_id":"v2.52.3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/releases/tag/v2.52.3"},{"reference_url":"https://github.com/zitadel/zitadel/releases/tag/v2.53.9","reference_id":"v2.53.9","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/releases/tag/v2.53.9"},{"reference_url":"https://github.com/zitadel/zitadel/releases/tag/v2.54.8","reference_id":"v2.54.8","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/releases/tag/v2.54.8"},{"reference_url":"https://github.com/zitadel/zitadel/releases/tag/v2.55.5","reference_id":"v2.55.5","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_s
ystem":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/releases/tag/v2.55.5"},{"reference_url":"https://github.com/zitadel/zitadel/releases/tag/v2.56.2","reference_id":"v2.56.2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/releases/tag/v2.56.2"},{"reference_url":"https://github.com/zitadel/zitadel/releases/tag/v2.57.1","reference_id":"v2.57.1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https://github.com/zitadel/zitadel/releases/tag/v2.57.1"},{"reference_url":"https://github.com/zitadel/zitadel/releases/tag/v2.58.1","reference_id":"v2.58.1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T13:48:22Z/"}],"url":"https:
//github.com/zitadel/zitadel/releases/tag/v2.58.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373020?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@0.0.0-20240731122110-189505c80fa6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@0.0.0-20240731122110-189505c80fa6"},{"url":"http://public2.vulnerablecode.io/api/packages/373021?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@1.80.0-v2.20.0.20240731122110-189505c80fa6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@1.80.0-v2.20.0.20240731122110-189505c80fa6"},{"url":"http://public2.vulnerablecode.io/api/packages/373011?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@2.52.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@2.52.3"},{"url":"http://public2.vulnerablecode.io/api/packages/373012?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@2.53.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@2.53.9"},{"url":"http://public2.vulnerablecode.io/api/packages/373013?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@2.54.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@2.54.8"},{"url":"http://public2.vulnerablecode.io/api/packages/373014?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@2.55.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@2.55.5"},{"url":"http://public2.vulnerablecode.io/api/packages/373015?format=json","
purl":"pkg:golang/github.com/zitadel/zitadel@2.56.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@2.56.2"},{"url":"http://public2.vulnerablecode.io/api/packages/373017?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@2.57.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@2.57.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373019?format=json","purl":"pkg:golang/github.com/zitadel/zitadel@2.58.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@2.58.1"}],"aliases":["CVE-2024-41953","GHSA-v333-7h2p-5fhv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgmg-fb51-fqc3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/zitadel/zitadel@1.80.0-v2.20.0.20240731122110-189505c80fa6"}