Vulnerability Overview

Vulnerability Name: ANSI escape sequences not being sanitized in user input
Publisher: caarlos0
Vulnerability ID: GHSA-fv2r-r8mp-pg48
Release Date: 3 days ago
Corresponding CVE ID: CVE-2025-64494

Affected Scope

Affected Versions: <= v0.10.0
Fixed Version: v0.11.0

Impact Details

Vulnerability Description: ANSI escape sequences are not properly sanitized in multiple user-input fields (e.g., names), which can be exploited for malicious purposes such as spoofing alerts.

Specific Discovery Locations:
1. Repository description ( - )
2. Repository project name ( - )
3. Git commit author name ( )
4. Git commit message ( )
5. Access token name ( )
6. Webhook URL ( )

Remediation and Mitigation

Released Fixed Version: v0.11.0
No Other Temporary Mitigations Available

Vulnerability Assessment

Severity: Moderate, CVSS v3 Score: 4.6/10

CVSS v3 Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

Related Participants

Reporter: Tomer-PL
Fix Developer: caarlos0

Known Weaknesses

Related CWE ID: CWE-150
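
The kind of output sanitization the Vulnerability Description calls for (CWE-150), as an added example; this is not the project's own fix or code. The function name SanitizeField, its multiline flag and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// SanitizeField drops ANSI escape sequences and control characters from an
// untrusted field before it is written to a terminal. multiline keeps \n and
// \t (commit messages); single-line fields such as names should pass false.
func SanitizeField(s string, multiline bool) string {
	var b strings.Builder
	r := []rune(s)
	for i := 0; i < len(r); i++ {
		c := r[i]
		// Fold the 7-bit form ESC + 0x40..0x5f into its C1 equivalent.
		if c == 0x1b && i+1 < len(r) && r[i+1] >= 0x40 && r[i+1] <= 0x5f {
			i++
			c = r[i] + 0x40
		}
		switch {
		case c == 0x9b: // CSI: parameter bytes, then one final byte
			for i++; i < len(r) && r[i] >= 0x20 && r[i] <= 0x3f; i++ {
			}
			if i < len(r) && (r[i] < 0x40 || r[i] > 0x7e) {
				i-- // malformed sequence: rescan this rune
			}
		case c == 0x90 || c == 0x98 || c >= 0x9d && c <= 0x9f:
			// DCS, SOS, OSC, PM, APC: payload runs to BEL or ST.
			// An unterminated payload swallows the rest of the field.
			for i++; i < len(r) && r[i] != 0x07 && r[i] != 0x9c; i++ {
				if r[i] == 0x1b && i+1 < len(r) && r[i+1] == '\\' {
					i++
					break
				}
			}
		case multiline && (c == '\n' || c == '\t'):
			b.WriteRune(c)
		case c < 0x20 || (c >= 0x7f && c <= 0x9f):
			// Other C0/C1 controls, DEL, lone ESC: dropped.
		default:
			b.WriteRune(c)
		}
	}
	return b.String()
}

func main() {
	// Constructed input: a repository name that erases the line and prints a fake alert.
	name := "demo\x1b[2K\r\x1b[31mALERT: token revoked\x1b[0m"
	fmt.Printf("%q\n", SanitizeField(name, false))
}
```

Applying the filter where the value is rendered, not only where it is stored, also covers records written before the upgrade.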