CVE-2022-0869 Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.

CVE-2022-0869 Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.

You need to update your site to work with the new version. Otherwise, GitHub will not allow you to push new updates. After updating your site, you can reopen your GitHub issues. The open issues will now be marked as closed. This can be confusing at first, but it is ok. The issues have simply been moved to a different location. The new location is https://raw.githubusercontent.com/github/nxn/nxn/master/issues. On that location, you can now click “Open issues” to see your old issues.

Install the New API on Your Site

To install the new API, you need to update your site to work with the new version. Otherwise, GitHub will not allow you to push new updates. After updating your site, you can reopen your GitHub issues. The open issues will now be marked as closed. This can be confusing at first, but it is ok. The issues have simply been moved to a different location. The new location is https://raw.githubusercontent.com/github/nxn/nxn/master/issues. On that location, you can now click “Open issues” to see your old issues.

How to update your website for the new version

If you don't want to go through the trouble of updating your website for the new version, you can use GitHub's feature that allows GitHub users to merge their issues. It will create a new issue on https://raw.githubusercontent.com/nxn/nxn/master/issues and will close the old one in your repository.

How to verify if your site is affected by the CVE

To make sure that your site is not affected by the vulnerability, you can go to the nxn repository on GitHub and click the "Verify issues" button. If the results say that your site is not affected, you do not need to worry about updating your site.

GitHub has updated their API

For the past few months, GitHub has been working on updating their API. The new version of the API includes a lot of changes for both GitHub users and those who use GitHub issues. One of the main differences is that GitHub will no longer allow you to update issues once they have been created. This means that if you have an open issue, you will need to re-open it after you updated your site to work with the new API.
This can be confusing at first, but it is ok. The old issues are still there on raw.githubusercontent.com/nxn/nxn/master/issues now labeled as closed, so you can still see them, but they are moved to a different location on github.com itself where they can be opened again if needed.

How to update your site in a secure way

The easiest way to update your site is to download the latest version of NXN and then upload the files on your site. If you want to avoid updating your site, you can also manually update each of your pages. You can do this by replacing the old CSS or JavaScript files with the new ones. The hard way requires that you check each page of your site individually and replace them one at a time. It’s best to use a plugin like WP-CLI for this process if possible.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe