Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-g9w4-prf3-m25g

GitHub Security Advisory

Obfuscated email addresses should not be sorted

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

## Impact

The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails.

See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps.

## Patches

This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1.

## Workarounds

The workaround is to modify the page XWiki.LiveTableResultsMacros following this [patch](https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c).

## References

- https://jira.xwiki.org/browse/XWIKI-20601
- https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c

## For more information

If you have any questions or comments about this advisory:

- Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
- Email us at [Security Mailing List](mailto:[email protected])

Affected Packages

Maven org.xwiki.platform:xwiki-platform-livetable-ui
Affected versions: 3.5-milestone-1 (fixed in 14.10.9)
Maven org.xwiki.platform:xwiki-platform-livetable-ui
Affected versions: 15.0 (fixed in 15.3-rc-1)

Related CVEs

CVE-2023-38509

Key Information

GHSA ID
GHSA-g9w4-prf3-m25g
Published
July 27, 2023 7:28 PM
Last Modified
March 18, 2024 7:55 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.xwiki.platform:xwiki-platform-livetable-ui
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 31, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.