Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/goharbor/harbor(Go) | 2.12.0-rc1 | 2.12.4-rc1 | N/A |
| github.com/goharbor/harbor(Go) | 2.13.0-rc1 | 2.13.1-rc1 | N/A |
| github.com/goharbor/harbor(Go) | 2.4.0-rc1.1 | N/A | N/A |
| github.com/goharbor/harbor(Go) | 0 | 2.4.0-rc1.0.20250421072404-a13a16383a41 | N/A |
CVSS Metrics
