There are 2 open security issues in bookworm.
1 important issue:
- CVE-2025-11147:
Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”.
1 issue left for the package maintainer to handle:
- CVE-2025-11146:
(needs triaging)
Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
You can find information about how to handle this issue in the security team's documentation.