[gollum] Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the ‘New Page’ dialog.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-35305
• https://github.com/Szarny/
• https://github.com/gollum/
• https://github.com/gollum/gollum/releases/tag/v5.1.2
• http://gollum.com
• https://github.com/gollum/gollum/commit/137728cdabc0f60859fcd30404ad2b8fff6ef715
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/gollum/CVE-2020-35305.yml
• https://github.com/advisories/GHSA-fj2w-qmjp-3rjm