CVE-2024-34699 Information

Description

GZ::CTF is a capture the flag platform. Prior to 0.20.1 unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in v0.20.1.

Reference

https://github.com/GZTimeWalker/GZCTF/commit/31e775b65cddf82a567d68dcdc78c1739b746346 https://github.com/GZTimeWalker/GZCTF/security/advisories/GHSA-p6rq-5x3x-rmhh