CVE-2019-11358 (GCVE-0-2019-11358)
Vulnerability from cvelistv5 – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
References
73 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-11358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:03:16.892088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:11:23.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:52.187Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11358",
"datePublished": "2019-04-19T00:00:00.000Z",
"dateReserved": "2019-04-19T00:00:00.000Z",
"dateUpdated": "2024-11-15T15:11:23.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-11358",
"date": "2026-06-16",
"epss": "0.87218",
"percentile": "0.99726"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.4.0\", \"matchCriteriaId\": \"D2D193C7-2259-492F-8B85-E74C57A7426A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndExcluding\": \"7.66\", \"matchCriteriaId\": \"FC5AB839-4DAC-45E7-9D0B-B528F6D12043\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.0\", \"versionEndExcluding\": \"8.5.15\", \"matchCriteriaId\": \"9106BF81-B898-4EB0-B63C-9919D3B22260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.6.0\", \"versionEndExcluding\": \"8.6.15\", \"matchCriteriaId\": \"9B37281E-9B44-42A5-AE0A-17CE6770995C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.11.0\", \"versionEndExcluding\": \"1.11.9\", \"matchCriteriaId\": \"E75C32CE-3FA9-4DC2-A22A-4A841D4911EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.12.0\", \"versionEndExcluding\": 
\"1.12.6\", \"matchCriteriaId\": \"F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"40513095-7E6E-46B3-B604-C926F1BA3568\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0\", \"versionEndIncluding\": \"3.1.3\", \"matchCriteriaId\": \"B9273745-6408-4CD3-94E8-9385D4F5FE69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04AC556D-D511-4C4C-B9FB-A089BB2FEFD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FA1A18F-D997-4121-A01B-FD9B3BF266CF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"230E2167-9107-4994-8328-295575E17DF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A079FD6E-3BB0-4997-9A8E-6F8FEC89887A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"900D2344-5160-42A0-8C49-36DBC7FF3D87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.1\", \"matchCriteriaId\": \"90CFEC52-A574-493E-A2AC-0EC21851BBFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3665B8A2-1F1A-490F-B01D-5B3455A6A539\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8577D60-A711-493D-9246-E49D0E2B07E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17EA8B91-7634-4636-B647-1049BA7CA088\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B4DF46F-DBCC-41F2-A260-F83A14838F23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E\"}, 
{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F17843-32EA-4C31-B65C-F424447BEF7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C784CEE8-F071-4583-A72D-F46C7C95FEC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A125E817-F974-4509-872C-B71933F42AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBE7BF09-B89C-4590-821E-6C0587E096B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7231D2D-4092-44F3-B60A-D7C9ED78AFDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18127694-109C-4E7E-AE79-0BA351849291\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.7.0\", \"versionEndIncluding\": \"2.8.0\", \"matchCriteriaId\": \"660DB443-6250-4956-ABD1-C6A522B8DCCA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4.0\", \"versionEndIncluding\": \"2.10.0\", \"matchCriteriaId\": 
\"3625D477-1338-46CB-90B1-7291D617DC39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CD806C1-CC17-47BD-8BB0-9430C4253BC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DC56004-4497-4CDD-AE76-5E3DFAE170F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"274A0CF5-41E8-42E0-9931-F7372A65B9C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E869C417-C0E6-4FC3-B406-45598A1D1906\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55D98C27-734F-490B-92D5-251805C841B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B796AC70-A220-48D8-B8CD-97CF57227962\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"790A89FD-6B86-49AE-9B4F-AE7262915E13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7231AF76-3D46-41C4-83E9-6E9E12940BD9\"}, {\"vulnerable\": true, 
\"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E39D442D-1997-49AF-8B02-5640BE2A26CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4534CF9-D9FD-4936-9D8C-077387028A05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D60384BD-284C-4A68-9EEF-0FAFDF0C21F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCA44E38-EB8C-4E2D-8611-B201F47520E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndIncluding\": \"16.4.0\", \"matchCriteriaId\": \"1A0E3537-CB5A-40BF-B42C-CED9211B8892\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C57FD3A-0CC1-4BA9-879A-8C4A40234162\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"698FB6D0-B26F-4760-9B9B-1C65FBFF2126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndIncluding\": \"6.4\", \"matchCriteriaId\": \"4E16A16E-BFA3-4D17-9B4E-B42ADE725356\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1\", \"versionEndIncluding\": \"4.3\", \"matchCriteriaId\": \"9264AF8A-3819-40E5-BBCB-3B6C95A0D828\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3517A27-E6EE-497C-9996-F78171BBE90F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C3CE8D5-6404-4CEB-953E-7B7961BC14D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"062E4E7C-55BB-46F3-8B61-5A663B565891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB43DFD4-D058-4001-BD19-488E059F4532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"086E2E5C-44EB-4C07-B298-C04189533996\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA77B994-3872-4059-854B-0974AA5593D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5682DAEB-3810-4541-833A-568C868BCE0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01BC9AED-F81D-4344-AD97-EEF19B6EA8C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8198E762-9AD9-452B-B1AF-516E52436B7D\"}, 
{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0D177F6-25D9-4696-8528-3F57D91BAC12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"726DB59B-00C7-444E-83F7-CB31032482AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80B6D265-9D72-45C3-AA2C-5B186E23CDAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37209C6F-EF99-4D21-9608-B3A06D283D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7015A8CB-8FA6-423E-8307-BD903244F517\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.3.3\", \"versionEndIncluding\": \"7.3.5\", \"matchCriteriaId\": \"B5BC32AA-78BE-468B-B92A-5A0FFFA970FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.2\", \"versionEndIncluding\": \"8.1.0\", \"matchCriteriaId\": \"FA699B16-5100-4485-9BB7-85B247743B17\"}, {\"vulnerable\": true, 
\"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"A7E00BA1-E643-45D9-97D3-EF12C29DB262\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ACA29E6-F393-46E5-B2B3-9158077819A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"703DA91D-3440-4C67-AA20-78F71B1376DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39B8DFFF-B037-4F29-8C8E-F4BBC3435199\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A566893-8DCF-49E4-93D0-0ACCEFD70D3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"A180039F-22C3-458E-967D-E07C61C69FAF\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00E5D719-249D-48B8-BAFC-1E14D250B3F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.8\", \"matchCriteriaId\": \"2C5F6B8C-2044-4E68-98BD-37B0CD108434\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.6\", \"versionEndIncluding\": \"8.0.9\", \"matchCriteriaId\": \"672949B4-1989-4AA7-806F-EEC07D07F317\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.5\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"73E05211-8415-42FB-9B93-959EB03B090B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9476D1DA-C8A8-40A0-94DD-9B46C05FD461\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF6A5433-A7D9-4521-9D28-E7684FB76E5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"AC15899F-8528-4D10-8CD5-F67121D7F293\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F727AAC6-6D9F-4B28-B07C-6A93916C43A3\"}, 
{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"30657F1B-D1FC-4EE6-9854-18993294A01D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51C17460-D326-4525-A7D1-0AED53E75E18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"30F0991A-8507-48C4-9A8E-DE5B28C46A99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A00142E6-EEB3-44BD-AB0D-0E5C5640557F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00ED7CB0-96F7-4089-9047-A3AC241139C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"005E458D-4059-4E20-A620-B25DEBCE40C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74008AEE-589F-423E-8D77-EA54C36D776A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD85DB06-692F-4E81-BEB7-1E41B438D1FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6149C89E-0111-4CF9-90CA-0662D2F75E04\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CDDF6CA-6441-4606-9D2F-22A67BA46978\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEA4D6CF-D54A-40DF-9B70-E13392D0BE19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.2\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"DB6C521C-F104-4E26-82F2-6F63F94108BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"397B1A24-7C95-4A73-8363-4529A7F6CFCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"402B8642-7ACC-4F42-87A9-AB4D3B581751\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF6D5112-4055-4F89-A5B3-0DCB109481B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D262848E-AA24-4057-A747-6221BA22ADF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"2163B848-D684-4B17-969A-36E0866C5749\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"00615085-65B2-4211-A766-551842B3356F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8E565DA-91BE-44FC-A28F-579BE8D2281A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"669BA301-4D29-4692-823B-CDEDD2A5BD18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"419559E6-5441-4335-8FE1-6ADAAD9355DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"036E4450-53C6-4322-9C7D-91DA94C9A3C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.6\", \"matchCriteriaId\": \"89C26226-A3CF-4D36-BBDA-80E298E0A51F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F67D1332-621E-4756-B205-97A5CF670A19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6748C867-0A52-452B-B4D6-DA80396F4152\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A64B5C4C-DF69-4292-A534-EDC5955CDDAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7141C66-0384-4BA1-A788-91DEB7EF1361\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06E586B3-3434-4B08-8BE3-16C528642CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B95E8056-51D8-4390-ADE3-661B7AE1D7CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9059A907-508B-4844-8D7B-0FA68C0DF6A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5ACB1D2-69CE-4B7D-9B51-D8F80E541631\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1F726C6-EA5A-40FF-8809-4F48E4AE6976\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD7C26E3-BB0D-4218-8176-319AEA2925C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD67072F-3CFC-480D-9360-81A05D523318\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"652E762A-BCDD-451E-9DE3-F1555C1E4B16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A3DC116-2844-47A1-BEC2-D0675DD97148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AC63D10-2326-4542-B345-31D45B9A7408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.1.0\", \"versionEndIncluding\": \"19.1.2\", \"matchCriteriaId\": \"7BFD7783-BE15-421C-A550-7FE15AB53ABF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F7BF047-03C5-4A60-B718-E222B16DBF41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3A73D81-3E1A-42E6-AB96-835CDD5905F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA10CA55-C155-4DAD-A109-87A80116F1A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66136D6D-FC52-40DB-B7B6-BA8B7758CE16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06514F46-544B-4404-B45C-C9584EBC3131\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BD4BF9A-BF38-460D-974D-5B3255AAF946\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"92D538A5-819D-4DF7-85FE-4D4EB6E230E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEDA3A88-002B-4700-9277-3187C0A3E4B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE886BC5-F807-4627-8233-2290817FE205\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0.0\", \"versionEndIncluding\": \"5.6.0.0\", \"matchCriteriaId\": \"B47C73D0-BE89-4D87-8765-12C507F13AFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B8AA91A-1880-43CD-938D-48EF58ACF2CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6B5D7DB-C70E-4926-819F-E39B79F4D0C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7506589-9B3B-49BA-B826-774BFDCC45B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"228DA523-4D6D-48C5-BDB0-DB1A60F23F8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37EB4A1D-A875-46B7-BEB0-694D1F400CF7\"}, {\"vulnerable\": 
true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2233F287-6B9F-4C8A-A724-959DD3AD29AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2381FAB6-8D36-4389-98E4-74F3462654BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.6.0\", \"versionEndIncluding\": \"8.6.3\", \"matchCriteriaId\": \"9E587602-BA7D-4087-BE29-ACE0B01BD590\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E416B-920B-49A0-9523-382898C2979D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2.0\", \"versionEndIncluding\": \"12.2.15\", \"matchCriteriaId\": \"84668F58-6511-4E53-8213-13B440F454C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D8B3B57-73D6-4402-987F-8AE723D52F94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62BF043E-BCB9-433D-BA09-7357853EE127\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F26FB80-F541-4B59-AC3C-633F49388B59\"}, {\"vulnerable\": true, 
\"criteria\": \"cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2.0\", \"versionEndIncluding\": \"12.2.15\", \"matchCriteriaId\": \"12D3B2F0-E9C7-432B-91C6-A6C329A84B78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.2.0\", \"versionEndIncluding\": \"16.2.11\", \"matchCriteriaId\": \"06CF27F6-ADC1-480C-9D2E-2BD1E7330C32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.12.0\", \"versionEndIncluding\": \"17.12.7\", \"matchCriteriaId\": \"E4AA3854-C9FD-4287-85A0-EE7907D1E1ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.8.0\", \"versionEndIncluding\": \"18.8.9\", \"matchCriteriaId\": \"E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.12.0\", \"versionEndIncluding\": \"19.12.4\", \"matchCriteriaId\": \"69112C56-7747-4E11-A938-85A481529F58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9E628E7-6CC5-418C-939F-8EEA69B222A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.7\", \"versionEndIncluding\": \"17.12\", \"matchCriteriaId\": \"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\", 
\"matchCriteriaId\": \"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"202AD518-2E9B-4062-B063-9858AE1F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0.1\", \"versionEndIncluding\": \"2.3.0.3\", \"matchCriteriaId\": \"99579D88-27C0-4B93-B2F4-69B6781BC4BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"36FC547E-861A-418C-A314-DA09A457B13A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"DF9FEE51-50E3-41E9-AA0D-272A640F85CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"E69E905F-2E1A-4462-9082-FF7B10474496\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"0F9B692C-8986-4F91-9EF4-2BB1E3B5C133\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"C5F4C40E-3ABC-4C59-B226-224262DCFF37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31C7EEA3-AA72-48DA-A112-2923DBB37773\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0735989-13BD-40B3-B954-AC0529C5B53D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B5F416-56AE-4DC5-BCFF-49702463E716\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58405263-E84C-4071-BB23-165D49034A00\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DE15D64-6F49-4F43-8079-0C7827384C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36E16AEF-ACEB-413C-888C-8D250F65C180\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EFAEA84-E376-40A2-8C9F-3E0676FEC527\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"237968A4-AE89-44DC-8BA3-D9651F88883D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E13DF2AE-F315-4085-9172-6C8B21AF1C9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"959316A8-C3AF-4126-A242-3835ED0AD1E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70BEF219-45EC-4A53-A815-42FBE20FC300\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EA2023A-1AD6-41FE-A214-9D1F6021D6B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"19.8\", \"matchCriteriaId\": 
\"2AA4E307-D5FA-461D-9809-BDD123AE7B74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98B9198C-11DF-4E80-ACFC-DC719CED8C7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"587EE4F3-E7AC-4A69-9476-0E71E75EE7A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7961BBD-6411-4D32-947D-3940221C235B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"162C6FD9-AEC2-4EBA-A163-3054840B8ACE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6879D52-A44E-4DF8-8A3A-3613822EB469\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AAF89C1-AAC2-449C-90C1-895F5F8843B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0.1\", \"versionEndIncluding\": \"2.3.0.3\", \"matchCriteriaId\": \"2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D551CAB1-4312-44AA-BDA8-A030817E153A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B40B13B7-68B3-4510-968C-6A730EB46462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C93CC705-1F8C-4870-99E6-14BF264C3811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:joomla:joomla\\\\!:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.9.4\", \"matchCriteriaId\": \"C63557DE-E65B-46F4-99C4-247EACCB7BBA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"216E7DDE-453D-481F-92E2-9F8466CDDA3F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\"}, {\"lang\": \"es\", \"value\": \"jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminaci\\u00f3n de Object.prototype. Si un objeto fuente no sanitizado conten\\u00eda una propiedad enumerable __proto__, podr\\u00eda extender el Object.prototype nativo.\"}]",
"id": "CVE-2019-11358",
"lastModified": "2024-11-21T04:20:56.320",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-04-20T00:29:00.247",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/10\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/11\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/13\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/06/03/2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/108023\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2019:1570\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1456\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, 
{\"url\": \"https://access.redhat.com/errata/RHSA-2019:2587\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3023\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3024\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://backdropcms.org/security/backdrop-sa-core-2019-009\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/pull/4333\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, 
{\"url\": \"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E\", 
\"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party 
Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Apr/32\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/12\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/18\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190919-0001/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-JQUERY-174006\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": 
\"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4434\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4460\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-core-2019-006\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": 
\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_19\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-08\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2020-02\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": 
\"http://seclists.org/fulldisclosure/2019/May/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/06/03/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/108023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2019:1570\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2587\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3024\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://backdropcms.org/security/backdrop-sa-core-2019-009\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release 
Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/pull/4333\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E\", \"source\": 
\"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third 
Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Apr/32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190919-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party 
Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-JQUERY-174006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4434\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4460\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-core-2019-006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": 
\"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_19\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2020-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1321\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-11358\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-04-20T00:29:00.247\",\"lastModified\":\"2024-11-21T04:20:56.320\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\"},{\"lang\":\"es\",\"value\":\"jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminaci\u00f3n de Object.prototype. Si un objeto fuente no sanitizado conten\u00eda una propiedad enumerable __proto__, podr\u00eda extender el Object.prototype nativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weakn
esses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.0\",\"matchCriteriaId\":\"D2D193C7-2259-492F-8B85-E74C57A7426A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.66\",\"matchCriteriaId\":\"FC5AB839-4DAC-45E7-9D0B-B528F6D12043\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndExcluding\":\"8.5.15\",\"matchCriteriaId\":\"9106BF81-B898-4EB0-B63C-9919D3B22260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.6.0\",\"versionEndExcluding\":\"8.6.15\",\"matchCriteriaId\":\"9B37281E-9B44-42A5-AE0A-17CE6770995C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.11.0\",\"versionEndExcluding\":\"1.11.9\",\"matchCriteriaId\":\"E75C32CE-3FA9-4DC2-A22A-4A841D4911EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12.0\",\"v
ersionEndExcluding\":\"1.12.6\",\"matchCriteriaId\":\"F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0\",\"versionEndIncluding\":\"3.1.3\",\"matchCriteriaId\":\"B9273745-6408-4CD3-94E8-9385D4F5FE69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04AC556D-D511-4C4C-B9FB-A089BB2FEFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA1A18F-D997-4121-A01B-FD9B3BF266CF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"230E2167-
9107-4994-8328-295575E17DF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A079FD6E-3BB0-4997-9A8E-6F8FEC89887A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"900D2344-5160-42A0-8C49-36DBC7FF3D87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1\",\"matchCriteriaId\":\"90CFEC52-A574-493E-A2AC-0EC21851BBFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3665B8A2-1F1A-490F-B01D-5B3455A6A539\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8577D60-A711-493D-9246-E49D0E2B07E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EA8B91-7634-4636-B647-1049BA7CA088\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4DF46F-DBCC-41F2-A260-F83A14838F23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F17843-32EA-4C31-B65C-F424447BEF7B\"},{\"vulnerable\":true,\"cr
iteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C784CEE8-F071-4583-A72D-F46C7C95FEC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBE7BF09-B89C-4590-821E-6C0587E096B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7231D2D-4092-44F3-B60A-D7C9ED78AFDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18127694-109C-4E7E-AE79-0BA351849291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndIncluding\":\"2.8.0\",\"matchCriteriaId\":\"660DB443-6250-4956-ABD1-C6A522B8DCCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndIncluding\":\"2.10.0\",\"matchCriteriaId\":\"3625D477-1338-46CB-90B1-7291D617DC39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD806C1-CC17-47BD-8BB0-9430C4253BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId
\":\"9DC56004-4497-4CDD-AE76-5E3DFAE170F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"274A0CF5-41E8-42E0-9931-F7372A65B9C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E869C417-C0E6-4FC3-B406-45598A1D1906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D98C27-734F-490B-92D5-251805C841B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B796AC70-A220-48D8-B8CD-97CF57227962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790A89FD-6B86-49AE-9B4F-AE7262915E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7231AF76-3D46-41C4-83E9-6E9E12940BD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39D442D-1997-49AF-8B02-5640BE2A26CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4\"},{\"vulnerable\":true,\"criteria
\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4534CF9-D9FD-4936-9D8C-077387028A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D60384BD-284C-4A68-9EEF-0FAFDF0C21F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCA44E38-EB8C-4E2D-8611-B201F47520E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.4.0\",\"matchCriteriaId\":\"1A0E3537-CB5A-40BF-B42C-CED9211B8892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C57FD3A-0CC1-4BA9-879A-8C4A40234162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"698FB6D0-B26F-4760-9B9B-1C65FBFF2126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndIncluding\":\"6.4\",\"matchCriteriaId\":\"4E16A16E-BFA3-4D17-9B4E-B42ADE725356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndIncluding\":\"4.3\",\"matchCriteriaId\":\"9264AF8A-3819-40E5-BBCB-3B6C95A0D828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
\",\"matchCriteriaId\":\"E3517A27-E6EE-497C-9996-F78171BBE90F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C3CE8D5-6404-4CEB-953E-7B7961BC14D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E4E7C-55BB-46F3-8B61-5A663B565891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB43DFD4-D058-4001-BD19-488E059F4532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"086E2E5C-44EB-4C07-B298-C04189533996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA77B994-3872-4059-854B-0974AA5593D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5682DAEB-3810-4541-833A-568C868BCE0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BC9AED-F81D-4344-AD97-EEF19B6EA8C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8198E762-9AD9-452B-B1AF-516E52436B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D177F6-25D9-4696-8528-3F57D91BAC12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"726DB59B-00C7-444E-83F7-CB31032482AB\"},{\"vulnerab
le\":true,\"criteria\":\"cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80B6D265-9D72-45C3-AA2C-5B186E23CDAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37209C6F-EF99-4D21-9608-B3A06D283D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7015A8CB-8FA6-423E-8307-BD903244F517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.3\",\"versionEndIncluding\":\"7.3.5\",\"matchCriteriaId\":\"B5BC32AA-78BE-468B-B92A-5A0FFFA970FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.2\",\"versionEndIncluding\":\"8.1.0\",\"matchCriteriaId\":\"FA699B16-5100-4485-9BB7-85B247743B17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"A7E00BA1-E643-45D9-97D3-EF12C29DB262\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA29E6-F393-46E5-B2B3-9158077819A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\
":\"8.0.7\",\"matchCriteriaId\":\"703DA91D-3440-4C67-AA20-78F71B1376DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39B8DFFF-B037-4F29-8C8E-F4BBC3435199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A566893-8DCF-49E4-93D0-0ACCEFD70D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"A180039F-22C3-458E-967D-E07C61C69FAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00E5D719-249D-48B8-BAFC-1E14D250B3F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"2C5F6B8C-2044-4E68-98BD-37B0CD108434\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.9\",\"matchCriteriaId\":\"672949B4-1989-4AA7-806F-EEC07D07F317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*\",\"versionStartInc
luding\":\"8.0.5\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"73E05211-8415-42FB-9B93-959EB03B090B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9476D1DA-C8A8-40A0-94DD-9B46C05FD461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF6A5433-A7D9-4521-9D28-E7684FB76E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"AC15899F-8528-4D10-8CD5-F67121D7F293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F727AAC6-6D9F-4B28-B07C-6A93916C43A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"30657F1B-D1FC-4EE6-9854-18993294A01D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C17460-D326-4525-A7D1-0AED53E75E18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"30F0991A-8507-48C4-9A8E-DE5B28C46A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A00142E6-EEB3-44BD-AB0D-
0E5C5640557F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00ED7CB0-96F7-4089-9047-A3AC241139C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"005E458D-4059-4E20-A620-B25DEBCE40C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74008AEE-589F-423E-8D77-EA54C36D776A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD85DB06-692F-4E81-BEB7-1E41B438D1FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6149C89E-0111-4CF9-90CA-0662D2F75E04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CDDF6CA-6441-4606-9D2F-22A67BA46978\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA4D6CF-D54A-40DF-9B70-E13392D0BE19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.2\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"DB6C521C-F104-4E26-82F2-6F63F94108BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"397B1A24-7C95-4A73-8363-4529A7F6CFCC\"},{\"vulnerabl
e\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"402B8642-7ACC-4F42-87A9-AB4D3B581751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF6D5112-4055-4F89-A5B3-0DCB109481B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D262848E-AA24-4057-A747-6221BA22ADF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"2163B848-D684-4B17-969A-36E0866C5749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"00615085-65B2-4211-A766-551842B3356F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E565DA-91BE-44FC-A28F-579BE8D2281A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"669BA301-4D29-4692-823B-CDEDD2A5BD18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"419559E6-5441-4335-8FE1-6ADAAD9355DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*
:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"036E4450-53C6-4322-9C7D-91DA94C9A3C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.6\",\"matchCriteriaId\":\"89C26226-A3CF-4D36-BBDA-80E298E0A51F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F67D1332-621E-4756-B205-97A5CF670A19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6748C867-0A52-452B-B4D6-DA80396F4152\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A64B5C4C-DF69-4292-A534-EDC5955CDDAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7141C66-0384-4BA1-A788-91DEB7EF1361\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06E586B3-3434-4B08-8BE3-16C528642CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B95E8056-51D8-4390-ADE3-661B7AE1D7CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9059A907-508B-4844-8D7B-0FA68C0DF6A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthca
re_translational_research:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5ACB1D2-69CE-4B7D-9B51-D8F80E541631\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1F726C6-EA5A-40FF-8809-4F48E4AE6976\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD7C26E3-BB0D-4218-8176-319AEA2925C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD67072F-3CFC-480D-9360-81A05D523318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652E762A-BCDD-451E-9DE3-F1555C1E4B16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3DC116-2844-47A1-BEC2-D0675DD97148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC63D10-2326-4542-B345-31D45B9A7408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.1.0\",\"versionEndIncluding\":\"19.1.2\",\"matchCriteriaId\":\"7BFD7783-BE15-421C-A550-7FE15AB53ABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F7BF047-03C5-4A60-B718-E222B16DBF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3A73D81-3E1A-42E6-AB96-835CDD5905F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA10CA55-C155-4DAD-A109-87A80116F1A1\"},{\"vulnerable\":t
rue,\"criteria\":\"cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66136D6D-FC52-40DB-B7B6-BA8B7758CE16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06514F46-544B-4404-B45C-C9584EBC3131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD4BF9A-BF38-460D-974D-5B3255AAF946\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"92D538A5-819D-4DF7-85FE-4D4EB6E230E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEDA3A88-002B-4700-9277-3187C0A3E4B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE886BC5-F807-4627-8233-2290817FE205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0.0\",\"versionEndIncluding\":\"5.6.0.0\",\"matchCriteriaId\":\"B47C73D0-BE89-4D87-8765-12C507F13AFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8AA91A-1880-43CD-938D-48EF58ACF2CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6B5D7DB-C70E-4926-819F-E39B79F4D0C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7506589-9B3B-49BA-B826
-774BFDCC45B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"228DA523-4D6D-48C5-BDB0-DB1A60F23F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37EB4A1D-A875-46B7-BEB0-694D1F400CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2233F287-6B9F-4C8A-A724-959DD3AD29AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2381FAB6-8D36-4389-98E4-74F3462654BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.6.0\",\"versionEndIncluding\":\"8.6.3\",\"matchCriteriaId\":\"9E587602-BA7D-4087-BE29-ACE0B01BD590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.15\",\"matchCriteriaId\":\"84668F58-6511-4E53-8213-13B440F454C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:10.4.7
:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D8B3B57-73D6-4402-987F-8AE723D52F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62BF043E-BCB9-433D-BA09-7357853EE127\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F26FB80-F541-4B59-AC3C-633F49388B59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.15\",\"matchCriteriaId\":\"12D3B2F0-E9C7-432B-91C6-A6C329A84B78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.2.0\",\"versionEndIncluding\":\"16.2.11\",\"matchCriteriaId\":\"06CF27F6-ADC1-480C-9D2E-2BD1E7330C32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.7\",\"matchCriteriaId\":\"E4AA3854-C9FD-4287-85A0-EE7907D1E1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.9\",\"matchCriteriaId\":\"E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.4\",\"matchCriteriaId\":\"69112C56-7747-4E11-A938-85A481529F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9E628E7-6CC5-418C-939F-8EEA69B222A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEn
dIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0.1\",\"versionEndIncluding\":\"2.3.0.3\",\"matchCriteriaId\":\"99579D88-27C0-4B93-B2F4-69B6781BC4BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"36FC547E-861A-418C-A314-DA09A457B13A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"DF9FEE51-50E3-41E9-AA0D-272A640F85CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"E69E905F-2E1A-4462-9082-FF7B10474496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"0F9B692C-8986-4F91-9EF4-2BB1E3B5C133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"C5F4C40E-3ABC-4C59-B226-224262DCFF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C7EEA3-AA72-48DA-A112-2923DBB37773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0735989-13BD-40B3-B954-AC0529C5B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B5F416-56AE
-4DC5-BCFF-49702463E716\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58405263-E84C-4071-BB23-165D49034A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DE15D64-6F49-4F43-8079-0C7827384C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36E16AEF-ACEB-413C-888C-8D250F65C180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFAEA84-E376-40A2-8C9F-3E0676FEC527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"237968A4-AE89-44DC-8BA3-D9651F88883D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E13DF2AE-F315-4085-9172-6C8B21AF1C9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"959316A8-C3AF-4126-A242-3835ED0AD1E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70BEF219-45EC-4A53-A815-42FBE20FC300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EA2023A-1AD6-41FE-A214-9D1F6021D6B6\"},{\"vu
lnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"19.8\",\"matchCriteriaId\":\"2AA4E307-D5FA-461D-9809-BDD123AE7B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B9198C-11DF-4E80-ACFC-DC719CED8C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"587EE4F3-E7AC-4A69-9476-0E71E75EE7A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7961BBD-6411-4D32-947D-3940221C235B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"162C6FD9-AEC2-4EBA-A163-3054840B8ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6879D52-A44E-4DF8-8A3A-3613822EB469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AAF89C1-AAC2-449C-90C1-895F5F8843B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0.1\",\"versionEndIncluding\":\"2.3.0.3\",\"matchCriteriaId\":\"2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D551CAB1-4312-44AA-BDA8-A030817E153A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40B13B7-68B3-4510-968C-6A730EB46462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E
4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla\\\\!:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.9.4\",\"matchCriteriaId\":\"C63557DE-E65B-46F4-99C4-247EACCB7BBA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"216E7DDE-453D-481F-92E2-9F8466CDDA3F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/11\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing 
List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/13\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/03/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108023\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:1570\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1456\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2587\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3023\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3024\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://backdropcms.org/security/backdrop-sa-core-2019-009\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/pull/4333\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue 
Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue 
Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing 
List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/32\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/12\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/18\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190919-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-JQUERY-174006\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4434\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4460\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2019-006\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_19\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-08\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2020-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/03/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:1570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2587\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://backdropcms.org/security/backdrop-sa-core-2019-009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/pull/4333\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue 
Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue 
Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190919-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-JQUERY-174006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2019-006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2020-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.drupal.org/sa-core-2019-006\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_19\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4434\", \"name\": \"DSA-4434\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Apr/32\", \"name\": \"20190421 [SECURITY] [DSA 4434-1] drupal7 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/108023\", \"name\": \"108023\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\", 
\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html\", \"name\": \"[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/\", \"name\": \"FEDORA-2019-eba8e44ee6\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/\", \"name\": \"FEDORA-2019-1a3edd7e8a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/\", \"name\": \"FEDORA-2019-7eaf0bbe7c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/\", \"name\": \"FEDORA-2019-2a0ce0c58c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/\", \"name\": \"FEDORA-2019-a06dffab1c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/\", \"name\": \"FEDORA-2019-f563e66380\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": 
\"https://seclists.org/bugtraq/2019/May/18\", \"name\": \"20190509 dotCMS v5.1.1 Vulnerabilities\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/11\", \"name\": \"20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/10\", \"name\": \"20190510 dotCMS v5.1.1 Vulnerabilities\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/13\", \"name\": \"20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html\", \"name\": \"[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/06/03/2\", \"name\": \"[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1456\", \"name\": \"RHSA-2019:1456\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4460\", \"name\": \"DSA-4460\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/12\", \"name\": \"20190612 [SECURITY] [DSA 4460-1] mediawiki security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": 
\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html\", \"name\": \"openSUSE-SU-2019:1839\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2019:1570\", \"name\": \"RHBA-2019:1570\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html\", \"name\": \"openSUSE-SU-2019:1872\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\", \"name\": \"[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2587\", \"name\": \"RHSA-2019:2587\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190919-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3023\", \"name\": \"RHSA-2019:3023\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3024\", \"name\": \"RHSA-2019:3024\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"name\": \"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-08\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html\", \"name\": \"[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2020-02\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E\", \"name\": \"[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E\", \"name\": \"[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E\", \"name\": \"[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": 
[\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://backdropcms.org/security/backdrop-sa-core-2019-009\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-JQUERY-174006\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/jquery/jquery/pull/4333\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1\", \"tags\": [\"x_transferred\"]}, {\"url\": 
\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\", \"name\": \"[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T22:48:09.199Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-11358\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-20T15:03:16.892088Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T15:11:14.055Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.drupal.org/sa-core-2019-006\"}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_19\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4434\", \"name\": \"DSA-4434\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Apr/32\", \"name\": \"20190421 [SECURITY] [DSA 4434-1] drupal7 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.securityfocus.com/bid/108023\", \"name\": \"108023\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E\", \"name\": 
\"[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E\", \"name\": \"[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html\", \"name\": \"[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/\", \"name\": \"FEDORA-2019-eba8e44ee6\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/\", \"name\": \"FEDORA-2019-1a3edd7e8a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/\", \"name\": \"FEDORA-2019-7eaf0bbe7c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": 
\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/\", \"name\": \"FEDORA-2019-2a0ce0c58c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/\", \"name\": \"FEDORA-2019-a06dffab1c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/\", \"name\": \"FEDORA-2019-f563e66380\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/18\", \"name\": \"20190509 dotCMS v5.1.1 Vulnerabilities\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/11\", \"name\": \"20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/10\", \"name\": \"20190510 dotCMS v5.1.1 Vulnerabilities\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/13\", \"name\": \"20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html\", \"name\": \"[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/06/03/2\", \"name\": \"[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1456\", \"name\": 
\"RHSA-2019:1456\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4460\", \"name\": \"DSA-4460\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/12\", \"name\": \"20190612 [SECURITY] [DSA 4460-1] mediawiki security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html\", \"name\": \"openSUSE-SU-2019:1839\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2019:1570\", \"name\": \"RHBA-2019:1570\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html\", \"name\": \"openSUSE-SU-2019:1872\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\", \"name\": \"[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2587\", \"name\": \"RHSA-2019:2587\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190919-0001/\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3023\", \"name\": \"RHSA-2019:3023\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3024\", \"name\": \"RHSA-2019:3024\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) 
Updates required to dependencies to resolve potential security vulnerabilities\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"name\": \"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-08\"}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html\", \"name\": \"[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\"}, {\"url\": \"https://www.tenable.com/security/tns-2020-02\"}, {\"url\": \"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E\", \"name\": \"[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E\", \"name\": \"[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\"]}, {\"url\": 
\"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E\", \"name\": \"[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\"}, {\"url\": \"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E\", \"name\": \"[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\"}, {\"url\": 
\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\"}, {\"url\": \"https://backdropcms.org/security/backdrop-sa-core-2019-009\"}, {\"url\": \"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\"}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-JQUERY-174006\"}, {\"url\": \"https://github.com/jquery/jquery/pull/4333\"}, {\"url\": \"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\"}, {\"url\": \"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\"}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\"}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\"}, {\"url\": \"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\", \"name\": \"[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 
If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-08-31T02:06:52.187Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2019-11358\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T15:11:23.024Z\", \"dateReserved\": \"2019-04-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-04-19T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-6C3J-C64M-QHGQ
Vulnerability from github – Published: 2019-04-26 16:29 – Updated: 2024-11-05 20:16
Summary
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Details
jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Severity
6.1 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jquery"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.4"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "jQuery"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.4"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "django"
},
"ranges": [
{
"events": [
{
"introduced": "2.0a1"
},
{
"fixed": "2.1.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "django"
},
"ranges": [
{
"events": [
{
"introduced": "2.2a1"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.4"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "maximebf/debugbar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-11358"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2019-04-26T16:28:41Z",
"nvd_published_at": "2019-04-20T00:29:00Z",
"severity": "MODERATE"
},
"details": "jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype`.",
"id": "GHSA-6c3j-c64m-qhgq",
"modified": "2024-11-05T20:16:55Z",
"published": "2019-04-26T16:29:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"type": "WEB",
"url": "https://github.com/maximebf/php-debugbar/issues/447"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"type": "WEB",
"url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"type": "WEB",
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190919-0001"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"
},
{
"type": "PACKAGE",
"url": "https://github.com/jquery/jquery"
},
{
"type": "WEB",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released"
},
{
"type": "WEB",
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "XSS in jQuery as used in Drupal, Backdrop CMS, and other products"
}
GSD-2019-11358
Vulnerability from gsd - Updated: 2019-04-19 00:00
Details
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of
Object.prototype pollution. If an unsanitized source object contained an
enumerable __proto__ property, it could extend the native Object.prototype.
Aliases
{
"GSD": {
"alias": "CVE-2019-11358",
"description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"id": "GSD-2019-11358",
"references": [
"https://www.suse.com/security/cve/CVE-2019-11358.html",
"https://www.debian.org/security/2019/dsa-4460",
"https://www.debian.org/security/2019/dsa-4434",
"https://access.redhat.com/errata/RHSA-2020:5581",
"https://access.redhat.com/errata/RHSA-2020:4847",
"https://access.redhat.com/errata/RHSA-2020:4670",
"https://access.redhat.com/errata/RHSA-2020:4298",
"https://access.redhat.com/errata/RHSA-2020:3936",
"https://access.redhat.com/errata/RHSA-2020:2412",
"https://access.redhat.com/errata/RHSA-2020:1325",
"https://access.redhat.com/errata/RHBA-2020:0402",
"https://access.redhat.com/errata/RHSA-2019:3024",
"https://access.redhat.com/errata/RHSA-2019:3023",
"https://access.redhat.com/errata/RHSA-2019:2587",
"https://access.redhat.com/errata/RHBA-2019:1570",
"https://access.redhat.com/errata/RHSA-2019:1456",
"https://advisories.mageia.org/CVE-2019-11358.html",
"https://security.archlinux.org/CVE-2019-11358",
"https://linux.oracle.com/cve/CVE-2019-11358.html",
"https://access.redhat.com/errata/RHSA-2021:4142",
"https://access.redhat.com/errata/RHSA-2022:7343",
"https://access.redhat.com/errata/RHSA-2023:0552",
"https://access.redhat.com/errata/RHSA-2023:0553",
"https://access.redhat.com/errata/RHSA-2023:0554",
"https://access.redhat.com/errata/RHSA-2023:0556",
"https://access.redhat.com/errata/RHSA-2023:1043",
"https://access.redhat.com/errata/RHSA-2023:1044",
"https://access.redhat.com/errata/RHSA-2023:1045",
"https://access.redhat.com/errata/RHSA-2023:1047",
"https://access.redhat.com/errata/RHSA-2023:1049"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-rails",
"purl": "pkg:gem/jquery-rails"
}
}
],
"aliases": [
"CVE-2019-11358"
],
"details": "jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of\nbject.prototype pollution. If an unsanitized source object contained an\nenumerable __proto__ property, it could extend the native Object.prototype.\n",
"id": "GSD-2019-11358",
"modified": "2019-04-19T00:00:00.000Z",
"published": "2019-04-19T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/454365"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 4.3,
"type": "CVSS_V2"
},
{
"score": 6.1,
"type": "CVSS_V3"
}
],
"summary": "Prototype pollution attack through jQuery $.extend"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/sa-core-2019-006",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_19",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-08",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "https://www.tenable.com/security/tns-2020-02",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.tenable.com/security/tns-2019-08",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_19",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "https://backdropcms.org/security/backdrop-sa-core-2019-009",
"refsource": "MISC",
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"name": "https://www.drupal.org/sa-core-2019-006",
"refsource": "MISC",
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"refsource": "MISC",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"name": "https://github.com/jquery/jquery/pull/4333",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/",
"refsource": "MISC",
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "https://www.tenable.com/security/tns-2020-02",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1",
"refsource": "MISC",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2019-11358",
"cvss_v2": 4.3,
"cvss_v3": 6.1,
"date": "2019-04-19",
"description": "jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of\nObject.prototype pollution. If an unsanitized source object contained an\nenumerable __proto__ property, it could extend the native Object.prototype.\n",
"framework": "rails",
"gem": "jquery-rails",
"patched_versions": [
"\u003e= 4.3.4"
],
"related": {
"url": [
"https://hackerone.com/reports/454365",
"https://github.com/jquery/jquery/pull/4333",
"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
"https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"
]
},
"title": "Prototype pollution attack through jQuery $.extend",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.3.4",
"affected_versions": "All versions before 4.3.4",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2021-10-01",
"description": "jQuery, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype.",
"fixed_versions": [
"4.3.4"
],
"identifier": "CVE-2019-11358",
"identifiers": [
"CVE-2019-11358"
],
"package_slug": "gem/jquery-rails",
"pubdate": "2019-04-20",
"solution": "Upgrade to version 4.3.4 or above",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
],
"uuid": "932446c8-c1d5-43ad-8102-064dd8a3b25c"
},
{
"affected_range": "\u003c6.1.2",
"affected_versions": "All versions before 3.4.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2019-06-12",
"description": "The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype`.",
"fixed_versions": [
"6.1.2"
],
"identifier": "CVE-2019-11358",
"identifiers": [
"CVE-2019-11358"
],
"not_impacted": "All versions starting from 3.4.0",
"package_slug": "gem/rdoc",
"pubdate": "2019-04-20",
"solution": "Upgrade to version 3.4 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"http://www.securityfocus.com/bid/108023",
"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"https://seclists.org/bugtraq/2019/Apr/32"
],
"uuid": "31ce5a08-acfe-442f-b450-28410dd9b4d3"
},
{
"affected_range": "\u003c3.4.0",
"affected_versions": "All versions before 3.4.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2022-02-08",
"description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"fixed_versions": [
"3.4.0"
],
"identifier": "CVE-2019-11358",
"identifiers": [
"GHSA-6c3j-c64m-qhgq",
"CVE-2019-11358"
],
"not_impacted": "All versions starting from 3.4.0",
"package_slug": "npm/jquery",
"pubdate": "2019-04-26",
"solution": "Upgrade to version 3.4.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"https://backdropcms.org/security/backdrop-sa-core-2019-009",
"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
"https://github.com/jquery/jquery/pull/4333",
"https://snyk.io/vuln/SNYK-JS-JQUERY-174006",
"https://www.drupal.org/sa-core-2019-006",
"https://access.redhat.com/errata/RHBA-2019:1570",
"https://access.redhat.com/errata/RHSA-2019:1456",
"https://access.redhat.com/errata/RHSA-2019:2587",
"https://access.redhat.com/errata/RHSA-2019:3023",
"https://access.redhat.com/errata/RHSA-2019:3024",
"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E",
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E",
"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html",
"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html",
"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/",
"https://seclists.org/bugtraq/2019/Apr/32",
"https://seclists.org/bugtraq/2019/Jun/12",
"https://seclists.org/bugtraq/2019/May/18",
"https://security.netapp.com/advisory/ntap-20190919-0001/",
"https://www.debian.org/security/2019/dsa-4434",
"https://www.debian.org/security/2019/dsa-4460",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/",
"https://www.synology.com/security/advisory/Synology_SA_19_19",
"https://www.tenable.com/security/tns-2019-08",
"https://www.tenable.com/security/tns-2020-02",
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html",
"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"http://seclists.org/fulldisclosure/2019/May/10",
"http://seclists.org/fulldisclosure/2019/May/11",
"http://seclists.org/fulldisclosure/2019/May/13",
"http://www.openwall.com/lists/oss-security/2019/06/03/2",
"http://www.securityfocus.com/bid/108023",
"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com//security-alerts/cpujul2021.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://github.com/advisories/GHSA-6c3j-c64m-qhgq"
],
"uuid": "54b5386a-59f9-43aa-88e7-0c12bd5b5e7c"
},
{
"affected_range": "(,3.4.0)",
"affected_versions": "All versions before 3.4.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-1321",
"CWE-937"
],
"date": "2023-05-30",
"description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"fixed_versions": [
"3.4.0"
],
"identifier": "CVE-2019-11358",
"identifiers": [
"GHSA-6c3j-c64m-qhgq",
"CVE-2019-11358"
],
"not_impacted": "All versions starting from 3.4.0",
"package_slug": "nuget/jQuery",
"pubdate": "2019-04-26",
"solution": "Upgrade to version 3.4.0 or above.",
"title": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"https://backdropcms.org/security/backdrop-sa-core-2019-009",
"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
"https://github.com/jquery/jquery/pull/4333",
"https://snyk.io/vuln/SNYK-JS-JQUERY-174006",
"https://www.drupal.org/sa-core-2019-006",
"https://access.redhat.com/errata/RHSA-2019:3023",
"https://access.redhat.com/errata/RHSA-2019:3024",
"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E",
"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E",
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E",
"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html",
"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html",
"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/",
"https://security.netapp.com/advisory/ntap-20190919-0001/",
"https://www.debian.org/security/2019/dsa-4434",
"https://www.debian.org/security/2019/dsa-4460",
"https://www.synology.com/security/advisory/Synology_SA_19_19",
"https://www.tenable.com/security/tns-2019-08",
"https://www.tenable.com/security/tns-2020-02",
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html",
"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"http://www.openwall.com/lists/oss-security/2019/06/03/2",
"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E",
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434",
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml",
"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226",
"https://github.com/advisories/GHSA-6c3j-c64m-qhgq"
],
"uuid": "d7ab203e-bc46-4788-9be7-fab6b4588496"
},
{
"affected_range": "\u003e=7.0,\u003c7.66||\u003e=8.5.0,\u003c8.5.15||\u003e=8.6.0,\u003c8.6.15",
"affected_versions": "All versions starting from 7.0 before 7.66, all versions starting from 8.5.0 before 8.5.15, all versions starting from 8.6.0 before 8.6.15",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2019-06-12",
"description": "jQuery, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype`.",
"fixed_versions": [
"8.0.0",
"8.5.15",
"8.6.15"
],
"identifier": "CVE-2019-11358",
"identifiers": [
"CVE-2019-11358"
],
"not_impacted": "All versions before 7.0, all versions starting from 7.66 before 8.5.0, all versions starting from 8.5.15 before 8.6.0, all versions starting from 8.6.15",
"package_slug": "packagist/drupal/core",
"pubdate": "2019-04-20",
"solution": "Upgrade to versions 8.0.0, 8.5.15, 8.6.15 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"http://www.securityfocus.com/bid/108023",
"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"https://seclists.org/bugtraq/2019/Apr/32"
],
"uuid": "e2d28b24-ccea-4d03-b344-183788eacc5e"
},
{
"affected_range": "\u003e=2.0a1, \u003c2.1.9 || \u003e=2.2a1, \u003c2.2.2",
"affected_versions": "All versions starting from 2.0a1 before 2.1.9, all versions starting from 2.2a1 before 2.2.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2019-06-12",
"description": "jQuery mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype`.",
"fixed_versions": [
"2.2.2",
"2.1.9"
],
"identifier": "CVE-2019-11358",
"identifiers": [
"CVE-2019-11358"
],
"not_impacted": "1.x",
"package_slug": "pypi/Django",
"pubdate": "2019-04-19",
"solution": "Upgrade to fixed version or apply patch.",
"title": "Prototype pollution in jQuery",
"urls": [
"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/",
"https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f",
"https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad",
"https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829"
],
"uuid": "5ef876b4-198e-4388-bf3a-c88309840d43"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D193C7-2259-492F-8B85-E74C57A7426A",
"versionEndExcluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5AB839-4DAC-45E7-9D0B-B528F6D12043",
"versionEndExcluding": "7.66",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9106BF81-B898-4EB0-B63C-9919D3B22260",
"versionEndExcluding": "8.5.15",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B37281E-9B44-42A5-AE0A-17CE6770995C",
"versionEndExcluding": "8.6.15",
"versionStartIncluding": "8.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E75C32CE-3FA9-4DC2-A22A-4A841D4911EB",
"versionEndExcluding": "1.11.9",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4",
"versionEndExcluding": "1.12.6",
"versionStartIncluding": "1.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69",
"versionEndIncluding": "3.1.3",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "230E2167-9107-4994-8328-295575E17DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "900D2344-5160-42A0-8C49-36DBC7FF3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90CFEC52-A574-493E-A2AC-0EC21851BBFA",
"versionEndExcluding": "19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3665B8A2-1F1A-490F-B01D-5B3455A6A539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8577D60-A711-493D-9246-E49D0E2B07E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C784CEE8-F071-4583-A72D-F46C7C95FEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
"matchCriteriaId": "660DB443-6250-4956-ABD1-C6A522B8DCCA",
"versionEndIncluding": "2.8.0",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39",
"versionEndIncluding": "2.10.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD806C1-CC17-47BD-8BB0-9430C4253BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC56004-4497-4CDD-AE76-5E3DFAE170F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*",
"matchCriteriaId": "B796AC70-A220-48D8-B8CD-97CF57227962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7231AF76-3D46-41C4-83E9-6E9E12940BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
"versionEndIncluding": "16.4.0",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E16A16E-BFA3-4D17-9B4E-B42ADE725356",
"versionEndIncluding": "6.4",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9264AF8A-3819-40E5-BBCB-3B6C95A0D828",
"versionEndIncluding": "4.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3CE8D5-6404-4CEB-953E-7B7961BC14D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D177F6-25D9-4696-8528-3F57D91BAC12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*",
"matchCriteriaId": "80B6D265-9D72-45C3-AA2C-5B186E23CDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA699B16-5100-4485-9BB7-85B247743B17",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E00BA1-E643-45D9-97D3-EF12C29DB262",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA29E6-F393-46E5-B2B3-9158077819A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "703DA91D-3440-4C67-AA20-78F71B1376DD",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39B8DFFF-B037-4F29-8C8E-F4BBC3435199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A180039F-22C3-458E-967D-E07C61C69FAF",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E5D719-249D-48B8-BAFC-1E14D250B3F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F6B8C-2044-4E68-98BD-37B0CD108434",
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "672949B4-1989-4AA7-806F-EEC07D07F317",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E05211-8415-42FB-9B93-959EB03B090B",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9476D1DA-C8A8-40A0-94DD-9B46C05FD461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6A5433-A7D9-4521-9D28-E7684FB76E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC15899F-8528-4D10-8CD5-F67121D7F293",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F727AAC6-6D9F-4B28-B07C-6A93916C43A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30657F1B-D1FC-4EE6-9854-18993294A01D",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51C17460-D326-4525-A7D1-0AED53E75E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30F0991A-8507-48C4-9A8E-DE5B28C46A99",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00ED7CB0-96F7-4089-9047-A3AC241139C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "005E458D-4059-4E20-A620-B25DEBCE40C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74008AEE-589F-423E-8D77-EA54C36D776A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD85DB06-692F-4E81-BEB7-1E41B438D1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6149C89E-0111-4CF9-90CA-0662D2F75E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDDF6CA-6441-4606-9D2F-22A67BA46978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6C521C-F104-4E26-82F2-6F63F94108BC",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "397B1A24-7C95-4A73-8363-4529A7F6CFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "402B8642-7ACC-4F42-87A9-AB4D3B581751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D262848E-AA24-4057-A747-6221BA22ADF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2163B848-D684-4B17-969A-36E0866C5749",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00615085-65B2-4211-A766-551842B3356F",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E565DA-91BE-44FC-A28F-579BE8D2281A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "669BA301-4D29-4692-823B-CDEDD2A5BD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "419559E6-5441-4335-8FE1-6ADAAD9355DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*",
"matchCriteriaId": "036E4450-53C6-4322-9C7D-91DA94C9A3C9",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89C26226-A3CF-4D36-BBDA-80E298E0A51F",
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F67D1332-621E-4756-B205-97A5CF670A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6748C867-0A52-452B-B4D6-DA80396F4152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A64B5C4C-DF69-4292-A534-EDC5955CDDAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7141C66-0384-4BA1-A788-91DEB7EF1361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B95E8056-51D8-4390-ADE3-661B7AE1D7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9059A907-508B-4844-8D7B-0FA68C0DF6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F726C6-EA5A-40FF-8809-4F48E4AE6976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD7C26E3-BB0D-4218-8176-319AEA2925C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD67072F-3CFC-480D-9360-81A05D523318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "652E762A-BCDD-451E-9DE3-F1555C1E4B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD7783-BE15-421C-A550-7FE15AB53ABF",
"versionEndIncluding": "19.1.2",
"versionStartIncluding": "19.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7BF047-03C5-4A60-B718-E222B16DBF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A73D81-3E1A-42E6-AB96-835CDD5905F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA10CA55-C155-4DAD-A109-87A80116F1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "66136D6D-FC52-40DB-B7B6-BA8B7758CE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "06514F46-544B-4404-B45C-C9584EBC3131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD4BF9A-BF38-460D-974D-5B3255AAF946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92D538A5-819D-4DF7-85FE-4D4EB6E230E0",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDA3A88-002B-4700-9277-3187C0A3E4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE886BC5-F807-4627-8233-2290817FE205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B47C73D0-BE89-4D87-8765-12C507F13AFF",
"versionEndIncluding": "5.6.0.0",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B5D7DB-C70E-4926-819F-E39B79F4D0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7506589-9B3B-49BA-B826-774BFDCC45B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37EB4A1D-A875-46B7-BEB0-694D1F400CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2233F287-6B9F-4C8A-A724-959DD3AD29AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2381FAB6-8D36-4389-98E4-74F3462654BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84668F58-6511-4E53-8213-13B440F454C1",
"versionEndIncluding": "12.2.15",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8B3B57-73D6-4402-987F-8AE723D52F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62BF043E-BCB9-433D-BA09-7357853EE127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F26FB80-F541-4B59-AC3C-633F49388B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12D3B2F0-E9C7-432B-91C6-A6C329A84B78",
"versionEndIncluding": "12.2.15",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED",
"versionEndIncluding": "17.12.7",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF",
"versionEndIncluding": "18.8.9",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69112C56-7747-4E11-A938-85A481529F58",
"versionEndIncluding": "19.12.4",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E628E7-6CC5-418C-939F-8EEA69B222A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99579D88-27C0-4B93-B2F4-69B6781BC4BD",
"versionEndIncluding": "2.3.0.3",
"versionStartIncluding": "2.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
"matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
"matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*",
"matchCriteriaId": "C5F4C40E-3ABC-4C59-B226-224262DCFF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70BEF219-45EC-4A53-A815-42FBE20FC300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA4E307-D5FA-461D-9809-BDD123AE7B74",
"versionEndIncluding": "19.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*",
"matchCriteriaId": "98B9198C-11DF-4E80-ACFC-DC719CED8C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "587EE4F3-E7AC-4A69-9476-0E71E75EE7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7961BBD-6411-4D32-947D-3940221C235B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "162C6FD9-AEC2-4EBA-A163-3054840B8ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6879D52-A44E-4DF8-8A3A-3613822EB469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAF89C1-AAC2-449C-90C1-895F5F8843B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1",
"versionEndIncluding": "2.3.0.3",
"versionStartIncluding": "2.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C63557DE-E65B-46F4-99C4-247EACCB7BBA",
"versionEndIncluding": "3.9.4",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
},
{
"lang": "es",
"value": "jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminaci\u00f3n de Object.prototype. Si un objeto fuente no sanitizado conten\u00eda una propiedad enumerable __proto__, podr\u00eda extender el Object.prototype nativo."
}
],
"id": "CVE-2019-11358",
"lastModified": "2024-02-16T16:32:51.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-20T00:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2020-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
ICSA-22-097-01
Vulnerability from csaf_cisa - Published: 2022-04-07 00:00 - Updated: 2022-04-07 00:00
Summary
Pepperl+Fuchs WirelessHART-Gateway
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
5.4 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
5.4 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
4.7 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
CWE-1004
- Sensitive Cookie Without 'HttpOnly' Flag
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
CWE-20
- Improper Input Validation
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
| WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9 (Pepperl+Fuchs / WHA-GW-F2D2-0-AS- Z2-ETH.EIP) | | 3.0.7 \| 3.0.8 \| 3.0.9 | Mitigation, Mitigation, Mitigation, Mitigation, fix |
References
35 references
Acknowledgments
CERT@VDE
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordinating these vulnerabilities with Pepperl+Fuchs"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-097-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-097-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Pepperl+Fuchs WirelessHART-Gateway",
"tracking": {
"current_release_date": "2022-04-07T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-097-01",
"initial_release_date": "2022-04-07T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-04-07T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-097-01 Pepperl+Fuchs WirelessHART-Gateway"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH"
},
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34565",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The affected product allows active SSH and telnet services with hard-coded credentials.CVE-2021-34565 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34565"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-10707",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "jQuery 3.0.0-rc.1 is vulnerable to a denial-of-service condition due to removing a logic a lowercased attribute names. Any attribute using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.CVE-2016-10707 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10707"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34561",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"notes": [
{
"category": "summary",
"text": "If the application is not externally accessible or uses IP-based access restrictions, attackers can use DNS rebinding to bypass any IP or firewall-based access restrictions by proxying through their target\u0027s browser. This vulnerability only affects Versions 3.0.7 through 3.0.8. CVE-2021-34561 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34561"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-33555",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability only affects Version 3.0.7. CVE-2021-33555 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33555"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2014-6071",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery Version 1.4.2 allows remote attackers to conduct cross-site scripting attacks via vectors related to use of the text method. CVE-2014-6071 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6071"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2012-6708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 are vulnerable to cross-site scripting attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to deliver a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string. CVE-2012-6708 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.0.0 are vulnerable to cross-site scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.0.3 and 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0. CVE-2020-11023 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.2 and 3.5.0, passing HTML from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0. CVE-2020-11022 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.4.0, as used in specific products, mishandle jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CVE-2019-11358 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 allow cross-site scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, \"\u003c/script \u003e\", which results in the enclosed script logic being executed. CVE-2020-7656 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7656"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34560",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The affected product contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user\u0027s computer. CVE-2021-34560 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34560"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34564",
"cwe": {
"id": "CWE-315",
"name": "Cleartext Storage of Sensitive Information in a Cookie"
},
"notes": [
{
"category": "summary",
"text": "Cookie stealing vulnerabilities within the application or browser allow an attacker to steal the user\u0027s credentials in Version 3.0.9. CVE-2021-34564 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34564"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34559",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.7 through 3.0.8 have a vulnerability that may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. CVE-2021-34559 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34562",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Version 3.0.8, it is possible to inject arbitrary JavaScript into the application\u0027s response. CVE-2021-34562 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34562"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2007-2379",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The jQuery framework exchanges data using JavaScript object notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\" CVE-2007-2379 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2011-4969",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.6.3 contain a cross-site scripting (XSS) vulnerability, which when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CVE-2011-4969 has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34563",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.8 and 3.0.9, the HttpOnly attribute is not set on a cookie, which allows the cookie\u0027s value to be read or set by client-side JavaScript. CVE-2021-34563 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34563"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue.CVE-2013-0169 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
MSRC_CVE-2019-11358
Vulnerability from csaf_microsoft - Published: 2019-04-02 00:00 - Updated: 2026-02-18 03:11
Summary
jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.1 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16992-17084 | — | | |
| Unresolved product id: 16993-17084 | — | | |
| Unresolved product id: 16994-17084 | — | | |
| Unresolved product id: 19947-17084 | — | | |
| Unresolved product id: 16992-16817 | — | | |
| Unresolved product id: 16993-16817 | — | | |
| Unresolved product id: 16994-16817 | — | | |
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-11 | — | | Vendor Fix |
| Unresolved product id: 17084-9 | — | | Vendor Fix |
| Unresolved product id: 17084-7 | — | | Vendor Fix |
| Unresolved product id: 17084-3 | — | | Vendor Fix |
| Unresolved product id: 16817-12 | — | | Vendor Fix |
| Unresolved product id: 16817-10 | — | | Vendor Fix |
| Unresolved product id: 16817-8 | — | | Vendor Fix |
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-2 | — | | |
| Unresolved product id: 17086-4 | — | | |
| Unresolved product id: 17086-1 | — | | |
| Unresolved product id: 17084-6 | — | | |
| Unresolved product id: 17084-5 | — | | |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2019-11358 jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-11358.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype.",
"tracking": {
"current_release_date": "2026-02-18T03:11:18.000Z",
"generator": {
"date": "2026-02-18T12:03:08.056Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2019-11358",
"initial_release_date": "2019-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-02-11T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added m2crypto to Azure Linux 3.0\nAdded python-pygments to Azure Linux 3.0"
},
{
"date": "2026-02-18T03:11:18.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "16817"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 m2crypto 0.38.0-4",
"product": {
"name": "\u003cazl3 m2crypto 0.38.0-4",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "azl3 m2crypto 0.38.0-4",
"product": {
"name": "azl3 m2crypto 0.38.0-4",
"product_id": "16992"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 m2crypto 0.38.0-4",
"product": {
"name": "\u003cazl3 m2crypto 0.38.0-4",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "azl3 m2crypto 0.38.0-4",
"product": {
"name": "azl3 m2crypto 0.38.0-4",
"product_id": "16992"
}
}
],
"category": "product_name",
"name": "m2crypto"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-pygments 2.7.4-1",
"product": {
"name": "\u003cazl3 python-pygments 2.7.4-1",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "azl3 python-pygments 2.7.4-1",
"product": {
"name": "azl3 python-pygments 2.7.4-1",
"product_id": "16993"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-pygments 2.5.2-1",
"product": {
"name": "\u003cazl3 python-pygments 2.5.2-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 python-pygments 2.5.2-1",
"product": {
"name": "azl3 python-pygments 2.5.2-1",
"product_id": "19947"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-pygments 2.7.4-1",
"product": {
"name": "\u003cazl3 python-pygments 2.7.4-1",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "azl3 python-pygments 2.7.4-1",
"product": {
"name": "azl3 python-pygments 2.7.4-1",
"product_id": "16993"
}
}
],
"category": "product_name",
"name": "python-pygments"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 orangefs 2.9.7-7",
"product": {
"name": "\u003cazl3 orangefs 2.9.7-7",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "azl3 orangefs 2.9.7-7",
"product": {
"name": "azl3 orangefs 2.9.7-7",
"product_id": "16994"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 orangefs 2.9.7-7",
"product": {
"name": "\u003cazl3 orangefs 2.9.7-7",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "azl3 orangefs 2.9.7-7",
"product": {
"name": "azl3 orangefs 2.9.7-7",
"product_id": "16994"
}
}
],
"category": "product_name",
"name": "orangefs"
},
{
"category": "product_name",
"name": "azl3 orangefs 2.9.8-3",
"product": {
"name": "azl3 orangefs 2.9.8-3",
"product_id": "2"
}
},
{
"category": "product_name",
"name": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "cbl2 python-tensorboard 2.11.0-3",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "cbl2 orangefs 2.9.8-3",
"product": {
"name": "cbl2 orangefs 2.9.8-3",
"product_id": "1"
}
},
{
"category": "product_name",
"name": "azl3 mozjs 102.15.1-1",
"product": {
"name": "azl3 mozjs 102.15.1-1",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "5"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 m2crypto 0.38.0-4 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 m2crypto 0.38.0-4 as a component of Azure Linux 3.0",
"product_id": "16992-17084"
},
"product_reference": "16992",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pygments 2.7.4-1 as a component of Azure Linux 3.0",
"product_id": "17084-9"
},
"product_reference": "9",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pygments 2.7.4-1 as a component of Azure Linux 3.0",
"product_id": "16993-17084"
},
"product_reference": "16993",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 orangefs 2.9.7-7 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 orangefs 2.9.7-7 as a component of Azure Linux 3.0",
"product_id": "16994-17084"
},
"product_reference": "16994",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 orangefs 2.9.8-3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 orangefs 2.9.8-3 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pygments 2.5.2-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pygments 2.5.2-1 as a component of Azure Linux 3.0",
"product_id": "19947-17084"
},
"product_reference": "19947",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 mozjs 102.15.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 m2crypto 0.38.0-4 as a component of Azure Linux 3.0",
"product_id": "16817-12"
},
"product_reference": "12",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 m2crypto 0.38.0-4 as a component of Azure Linux 3.0",
"product_id": "16992-16817"
},
"product_reference": "16992",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pygments 2.7.4-1 as a component of Azure Linux 3.0",
"product_id": "16817-10"
},
"product_reference": "10",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pygments 2.7.4-1 as a component of Azure Linux 3.0",
"product_id": "16993-16817"
},
"product_reference": "16993",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 orangefs 2.9.7-7 as a component of Azure Linux 3.0",
"product_id": "16817-8"
},
"product_reference": "8",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 orangefs 2.9.7-7 as a component of Azure Linux 3.0",
"product_id": "16994-16817"
},
"product_reference": "16994",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-2",
"17086-4",
"17084-6",
"17084-5"
]
},
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17086-1"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16992-17084",
"16993-17084",
"16994-17084",
"19947-17084",
"16992-16817",
"16993-16817",
"16994-16817"
],
"known_affected": [
"17084-11",
"17084-9",
"17084-7",
"17084-3",
"16817-12",
"16817-10",
"16817-8"
],
"known_not_affected": [
"17084-2",
"17086-4",
"17086-1",
"17084-6",
"17084-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-11358 jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-11358.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "0.38.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-11",
"16817-12"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "2.7.4-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-9",
"17084-3",
"16817-10"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "2.9.7-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-7",
"16817-8"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"17084-11",
"17084-9",
"17084-7",
"17084-3",
"16817-12",
"16817-10",
"16817-8"
]
}
],
"title": "jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype."
}
]
}
OPENSUSE-SU-2019:1839-1
Vulnerability from csaf_opensuse - Published: 2019-08-08 15:57 - Updated: 2019-08-08 15:57
Summary
Security update for python-Django
Severity
Moderate
Notes
Title of the patch: Security update for python-Django
Description of the patch: This update for python-Django fixes the following issues:
Security issues fixed:
- CVE-2019-11358: Fixed prototype pollution.
- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
- CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).
- CVE-2019-14232: Fixed denial-of-service possibility in ``django.utils.text.Truncator`` (bsc#1142880).
- CVE-2019-14233: Fixed denial-of-service possibility in ``strip_tags()`` (bsc#1142882).
- CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for ``JSONField``/``HStoreField`` (bsc#1142883).
- CVE-2019-14235: Fixed potential memory exhaustion in ``django.utils.encoding.uri_to_iri()`` (bsc#1142885).
Non-security issues fixed:
- Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.
Patchnames: openSUSE-2019-1839
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Django",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Django fixes the following issues:\n\nSecurity issues fixed:\n\t \n- CVE-2019-11358: Fixed prototype pollution.\n- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)\n- CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).\n- CVE-2019-14232: Fixed denial-of-service possibility in ``django.utils.text.Truncator`` (bsc#1142880).\n- CVE-2019-14233: Fixed denial-of-service possibility in ``strip_tags()`` (bsc#1142882).\n- CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for ``JSONField``/``HStoreField`` (bsc#1142883).\n- CVE-2019-14235: Fixed potential memory exhaustion in ``django.utils.encoding.uri_to_iri()`` (bsc#1142885).\n\nNon-security issues fixed:\n\n- Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1839",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1839-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1839-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ/#3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1839-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ/#3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ"
},
{
"category": "self",
"summary": "SUSE Bug 1136468",
"url": "https://bugzilla.suse.com/1136468"
},
{
"category": "self",
"summary": "SUSE Bug 1139945",
"url": "https://bugzilla.suse.com/1139945"
},
{
"category": "self",
"summary": "SUSE Bug 1142880",
"url": "https://bugzilla.suse.com/1142880"
},
{
"category": "self",
"summary": "SUSE Bug 1142882",
"url": "https://bugzilla.suse.com/1142882"
},
{
"category": "self",
"summary": "SUSE Bug 1142883",
"url": "https://bugzilla.suse.com/1142883"
},
{
"category": "self",
"summary": "SUSE Bug 1142885",
"url": "https://bugzilla.suse.com/1142885"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12308 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12781 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14232 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14233 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14234 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14235 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14235/"
}
],
"title": "Security update for python-Django",
"tracking": {
"current_release_date": "2019-08-08T15:57:07Z",
"generator": {
"date": "2019-08-08T15:57:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1839-1",
"initial_release_date": "2019-08-08T15:57:07Z",
"revision_history": [
{
"date": "2019-08-08T15:57:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-Django-2.2.4-lp151.2.3.1.noarch",
"product": {
"name": "python3-Django-2.2.4-lp151.2.3.1.noarch",
"product_id": "python3-Django-2.2.4-lp151.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Django-2.2.4-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
},
"product_reference": "python3-Django-2.2.4-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11358",
"url": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:57:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2019-12308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12308"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12308",
"url": "https://www.suse.com/security/cve/CVE-2019-12308"
},
{
"category": "external",
"summary": "SUSE Bug 1136468 for CVE-2019-12308",
"url": "https://bugzilla.suse.com/1136468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:57:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-12308"
},
{
"cve": "CVE-2019-12781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12781"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12781",
"url": "https://www.suse.com/security/cve/CVE-2019-12781"
},
{
"category": "external",
"summary": "SUSE Bug 1124991 for CVE-2019-12781",
"url": "https://bugzilla.suse.com/1124991"
},
{
"category": "external",
"summary": "SUSE Bug 1139945 for CVE-2019-12781",
"url": "https://bugzilla.suse.com/1139945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:57:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-12781"
},
{
"cve": "CVE-2019-14232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14232"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator\u0027s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14232",
"url": "https://www.suse.com/security/cve/CVE-2019-14232"
},
{
"category": "external",
"summary": "SUSE Bug 1142880 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1142880"
},
{
"category": "external",
"summary": "SUSE Bug 1215978 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1215978"
},
{
"category": "external",
"summary": "SUSE Bug 1220358 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1220358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:57:07Z",
"details": "important"
}
],
"title": "CVE-2019-14232"
},
{
"cve": "CVE-2019-14233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14233"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14233",
"url": "https://www.suse.com/security/cve/CVE-2019-14233"
},
{
"category": "external",
"summary": "SUSE Bug 1142882 for CVE-2019-14233",
"url": "https://bugzilla.suse.com/1142882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:57:07Z",
"details": "important"
}
],
"title": "CVE-2019-14233"
},
{
"cve": "CVE-2019-14234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14234"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14234",
"url": "https://www.suse.com/security/cve/CVE-2019-14234"
},
{
"category": "external",
"summary": "SUSE Bug 1142883 for CVE-2019-14234",
"url": "https://bugzilla.suse.com/1142883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:57:07Z",
"details": "important"
}
],
"title": "CVE-2019-14234"
},
{
"cve": "CVE-2019-14235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14235"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14235",
"url": "https://www.suse.com/security/cve/CVE-2019-14235"
},
{
"category": "external",
"summary": "SUSE Bug 1142885 for CVE-2019-14235",
"url": "https://bugzilla.suse.com/1142885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python3-Django-2.2.4-lp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:57:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14235"
}
]
}
OPENSUSE-SU-2019:1872-1
Vulnerability from csaf_opensuse - Published: 2019-08-14 09:13 - Updated: 2019-08-14 09:13
Summary
Security update for python-Django
Severity
Moderate
Notes
Title of the patch: Security update for python-Django
Description of the patch: This update for python-Django fixes the following issues:
Security issues fixed:
- CVE-2019-11358: Fixed prototype pollution.
- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
- CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).
- CVE-2019-14232: Fixed denial-of-service possibility in ``django.utils.text.Truncator`` (bsc#1142880).
- CVE-2019-14233: Fixed denial-of-service possibility in ``strip_tags()`` (bsc#1142882).
- CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for ``JSONField``/``HStoreField`` (bsc#1142883).
- CVE-2019-14235: Fixed potential memory exhaustion in ``django.utils.encoding.uri_to_iri()`` (bsc#1142885).
Non-security issues fixed:
- Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames: openSUSE-2019-1872
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch | — | Vendor Fix |
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch | — | Vendor Fix |
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch | — | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch | — | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch | — | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch | — | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch | — | Vendor Fix |
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Django",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Django fixes the following issues:\n\nSecurity issues fixed:\n\t \n- CVE-2019-11358: Fixed prototype pollution.\n- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)\n- CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).\n- CVE-2019-14232: Fixed denial-of-service possibility in ``django.utils.text.Truncator`` (bsc#1142880).\n- CVE-2019-14233: Fixed denial-of-service possibility in ``strip_tags()`` (bsc#1142882).\n- CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for ``JSONField``/``HStoreField`` (bsc#1142883).\n- CVE-2019-14235: Fixed potential memory exhaustion in ``django.utils.encoding.uri_to_iri()`` (bsc#1142885).\n\nNon-security issues fixed:\n\n- Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.\n \nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1872",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1872-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1872-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW/#5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1872-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW/#5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW"
},
{
"category": "self",
"summary": "SUSE Bug 1136468",
"url": "https://bugzilla.suse.com/1136468"
},
{
"category": "self",
"summary": "SUSE Bug 1139945",
"url": "https://bugzilla.suse.com/1139945"
},
{
"category": "self",
"summary": "SUSE Bug 1142880",
"url": "https://bugzilla.suse.com/1142880"
},
{
"category": "self",
"summary": "SUSE Bug 1142882",
"url": "https://bugzilla.suse.com/1142882"
},
{
"category": "self",
"summary": "SUSE Bug 1142883",
"url": "https://bugzilla.suse.com/1142883"
},
{
"category": "self",
"summary": "SUSE Bug 1142885",
"url": "https://bugzilla.suse.com/1142885"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12308 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12781 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14232 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14233 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14234 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14235 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14235/"
}
],
"title": "Security update for python-Django",
"tracking": {
"current_release_date": "2019-08-14T09:13:06Z",
"generator": {
"date": "2019-08-14T09:13:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1872-1",
"initial_release_date": "2019-08-14T09:13:06Z",
"revision_history": [
{
"date": "2019-08-14T09:13:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-Django-2.2.4-bp151.3.3.1.noarch",
"product": {
"name": "python3-Django-2.2.4-bp151.3.3.1.noarch",
"product_id": "python3-Django-2.2.4-bp151.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Django-2.2.4-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
},
"product_reference": "python3-Django-2.2.4-bp151.3.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11358",
"url": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-14T09:13:06Z",
"details": "moderate"
}
],
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2019-12308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12308"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12308",
"url": "https://www.suse.com/security/cve/CVE-2019-12308"
},
{
"category": "external",
"summary": "SUSE Bug 1136468 for CVE-2019-12308",
"url": "https://bugzilla.suse.com/1136468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-14T09:13:06Z",
"details": "moderate"
}
],
"title": "CVE-2019-12308"
},
{
"cve": "CVE-2019-12781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12781"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12781",
"url": "https://www.suse.com/security/cve/CVE-2019-12781"
},
{
"category": "external",
"summary": "SUSE Bug 1124991 for CVE-2019-12781",
"url": "https://bugzilla.suse.com/1124991"
},
{
"category": "external",
"summary": "SUSE Bug 1139945 for CVE-2019-12781",
"url": "https://bugzilla.suse.com/1139945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-14T09:13:06Z",
"details": "moderate"
}
],
"title": "CVE-2019-12781"
},
{
"cve": "CVE-2019-14232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14232"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator\u0027s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14232",
"url": "https://www.suse.com/security/cve/CVE-2019-14232"
},
{
"category": "external",
"summary": "SUSE Bug 1142880 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1142880"
},
{
"category": "external",
"summary": "SUSE Bug 1215978 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1215978"
},
{
"category": "external",
"summary": "SUSE Bug 1220358 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1220358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-14T09:13:06Z",
"details": "important"
}
],
"title": "CVE-2019-14232"
},
{
"cve": "CVE-2019-14233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14233"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14233",
"url": "https://www.suse.com/security/cve/CVE-2019-14233"
},
{
"category": "external",
"summary": "SUSE Bug 1142882 for CVE-2019-14233",
"url": "https://bugzilla.suse.com/1142882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-14T09:13:06Z",
"details": "important"
}
],
"title": "CVE-2019-14233"
},
{
"cve": "CVE-2019-14234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14234"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14234",
"url": "https://www.suse.com/security/cve/CVE-2019-14234"
},
{
"category": "external",
"summary": "SUSE Bug 1142883 for CVE-2019-14234",
"url": "https://bugzilla.suse.com/1142883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-14T09:13:06Z",
"details": "important"
}
],
"title": "CVE-2019-14234"
},
{
"cve": "CVE-2019-14235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14235"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14235",
"url": "https://www.suse.com/security/cve/CVE-2019-14235"
},
{
"category": "external",
"summary": "SUSE Bug 1142885 for CVE-2019-14235",
"url": "https://bugzilla.suse.com/1142885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:python3-Django-2.2.4-bp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-14T09:13:06Z",
"details": "moderate"
}
],
"title": "CVE-2019-14235"
}
]
}
OPENSUSE-SU-2024:0231-1
Vulnerability from csaf_opensuse - Published: 2024-08-02 10:51 - Updated: 2024-08-02 10:51
Summary
Security update for python-notebook
Severity
Moderate
Notes
Title of the patch: Security update for python-notebook
Description of the patch: This update for python-notebook fixes the following issues:
- Update to 5.7.11
* sanitizer fix CVE-2021-32798 (boo#1227583)
- Update to 5.7.10
* no upstream changelog
- Update to 5.7.9
* Update JQuery dependency to version 3.4.1 to fix security
vulnerability (CVE-2019-11358)
* Update from preact to React
Patchnames: openSUSE-2024-231
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch | — | Vendor Fix |
Threats
Impact
critical
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-notebook",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-notebook fixes the following issues:\n\n- Update to 5.7.11\n * sanitizer fix CVE-2021-32798 (boo#1227583)\n- Update to 5.7.10\n * no upstream changelog\n- Update to 5.7.9\n * Update JQuery dependency to version 3.4.1 to fix security\n vulnerability (CVE-2019-11358)\n * Update from preact to React \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-231",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0231-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0231-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MGXYA34Z6RRQFK6OU2VOIH22CODOT5ES/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0231-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MGXYA34Z6RRQFK6OU2VOIH22CODOT5ES/"
},
{
"category": "self",
"summary": "SUSE Bug 1227583",
"url": "https://bugzilla.suse.com/1227583"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32798 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32798/"
}
],
"title": "Security update for python-notebook",
"tracking": {
"current_release_date": "2024-08-02T10:51:39Z",
"generator": {
"date": "2024-08-02T10:51:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0231-1",
"initial_release_date": "2024-08-02T10:51:39Z",
"revision_history": [
{
"date": "2024-08-02T10:51:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"product": {
"name": "jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"product_id": "jupyter-notebook-5.7.11-bp156.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"product": {
"name": "jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"product_id": "jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"product": {
"name": "jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"product_id": "jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"product": {
"name": "jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"product_id": "jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-notebook-5.7.11-bp156.4.3.1.noarch",
"product": {
"name": "python3-notebook-5.7.11-bp156.4.3.1.noarch",
"product_id": "python3-notebook-5.7.11-bp156.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"product": {
"name": "python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"product_id": "python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP6",
"product": {
"name": "SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-5.7.11-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-notebook-5.7.11-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "python3-notebook-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-notebook-lang-5.7.11-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-5.7.11-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-notebook-5.7.11-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "python3-notebook-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-notebook-lang-5.7.11-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
},
"product_reference": "python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11358",
"url": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-02T10:51:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2021-32798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32798"
}
],
"notes": [
{
"category": "general",
"text": "The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32798",
"url": "https://www.suse.com/security/cve/CVE-2021-32798"
},
{
"category": "external",
"summary": "SUSE Bug 1227583 for CVE-2021-32798",
"url": "https://bugzilla.suse.com/1227583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-doc-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-lang-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:jupyter-notebook-latex-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-5.7.11-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:python3-notebook-lang-5.7.11-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-02T10:51:39Z",
"details": "critical"
}
],
"title": "CVE-2021-32798"
}
]
}
OPENSUSE-SU-2024:11205-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
python36-Django-3.2.7-2.3 on GA media
Severity
Moderate
Notes
Title of the patch: python36-Django-3.2.7-2.3 on GA media
Description of the patch: These are all security issues fixed in the python36-Django-3.2.7-2.3 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11205
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Threats
Impact
important
Threats
Impact
moderate
6.1 (Medium)
Threats
Impact
moderate
6.1 (Medium)
Threats
Impact
moderate
6.1 (Medium)
Threats
Impact
low
6.1 (Medium)
Threats
Impact
low
5.3 (Medium)
Threats
Impact
moderate
7.5 (High)
Threats
Impact
important
5.3 (Medium)
Threats
Impact
moderate
5.3 (Medium)
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
low
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.6 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.6 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
4.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
99 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python36-Django-3.2.7-2.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python36-Django-3.2.7-2.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11205",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11205-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3982 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5145 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5963 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7401 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12794 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7233 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7234 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16984 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7536 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7537 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12308 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12781 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14232 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19118 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19844 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6975 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13254 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13596 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24583 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24584 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7471 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-9402 page",
"url": "https://www.suse.com/security/cve/CVE-2020-9402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31542 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32052 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33203 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33571 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-35042 page",
"url": "https://www.suse.com/security/cve/CVE-2021-35042/"
}
],
"title": "python36-Django-3.2.7-2.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11205-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python36-Django-3.2.7-2.3.aarch64",
"product": {
"name": "python36-Django-3.2.7-2.3.aarch64",
"product_id": "python36-Django-3.2.7-2.3.aarch64"
}
},
{
"category": "product_version",
"name": "python38-Django-3.2.7-2.3.aarch64",
"product": {
"name": "python38-Django-3.2.7-2.3.aarch64",
"product_id": "python38-Django-3.2.7-2.3.aarch64"
}
},
{
"category": "product_version",
"name": "python39-Django-3.2.7-2.3.aarch64",
"product": {
"name": "python39-Django-3.2.7-2.3.aarch64",
"product_id": "python39-Django-3.2.7-2.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-Django-3.2.7-2.3.ppc64le",
"product": {
"name": "python36-Django-3.2.7-2.3.ppc64le",
"product_id": "python36-Django-3.2.7-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-Django-3.2.7-2.3.ppc64le",
"product": {
"name": "python38-Django-3.2.7-2.3.ppc64le",
"product_id": "python38-Django-3.2.7-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-Django-3.2.7-2.3.ppc64le",
"product": {
"name": "python39-Django-3.2.7-2.3.ppc64le",
"product_id": "python39-Django-3.2.7-2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-Django-3.2.7-2.3.s390x",
"product": {
"name": "python36-Django-3.2.7-2.3.s390x",
"product_id": "python36-Django-3.2.7-2.3.s390x"
}
},
{
"category": "product_version",
"name": "python38-Django-3.2.7-2.3.s390x",
"product": {
"name": "python38-Django-3.2.7-2.3.s390x",
"product_id": "python38-Django-3.2.7-2.3.s390x"
}
},
{
"category": "product_version",
"name": "python39-Django-3.2.7-2.3.s390x",
"product": {
"name": "python39-Django-3.2.7-2.3.s390x",
"product_id": "python39-Django-3.2.7-2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-Django-3.2.7-2.3.x86_64",
"product": {
"name": "python36-Django-3.2.7-2.3.x86_64",
"product_id": "python36-Django-3.2.7-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "python38-Django-3.2.7-2.3.x86_64",
"product": {
"name": "python38-Django-3.2.7-2.3.x86_64",
"product_id": "python38-Django-3.2.7-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "python39-Django-3.2.7-2.3.x86_64",
"product": {
"name": "python39-Django-3.2.7-2.3.x86_64",
"product_id": "python39-Django-3.2.7-2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Django-3.2.7-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64"
},
"product_reference": "python36-Django-3.2.7-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Django-3.2.7-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le"
},
"product_reference": "python36-Django-3.2.7-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Django-3.2.7-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x"
},
"product_reference": "python36-Django-3.2.7-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-Django-3.2.7-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64"
},
"product_reference": "python36-Django-3.2.7-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Django-3.2.7-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64"
},
"product_reference": "python38-Django-3.2.7-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Django-3.2.7-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le"
},
"product_reference": "python38-Django-3.2.7-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Django-3.2.7-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x"
},
"product_reference": "python38-Django-3.2.7-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-Django-3.2.7-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64"
},
"product_reference": "python38-Django-3.2.7-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Django-3.2.7-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64"
},
"product_reference": "python39-Django-3.2.7-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Django-3.2.7-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le"
},
"product_reference": "python39-Django-3.2.7-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Django-3.2.7-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x"
},
"product_reference": "python39-Django-3.2.7-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-Django-3.2.7-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
},
"product_reference": "python39-Django-3.2.7-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3982"
}
],
"notes": [
{
"category": "general",
"text": "The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3982",
"url": "https://www.suse.com/security/cve/CVE-2015-3982"
},
{
"category": "external",
"summary": "SUSE Bug 932265 for CVE-2015-3982",
"url": "https://bugzilla.suse.com/932265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3982"
},
{
"cve": "CVE-2015-5145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5145"
}
],
"notes": [
{
"category": "general",
"text": "validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5145",
"url": "https://www.suse.com/security/cve/CVE-2015-5145"
},
{
"category": "external",
"summary": "SUSE Bug 937524 for CVE-2015-5145",
"url": "https://bugzilla.suse.com/937524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-5145"
},
{
"cve": "CVE-2015-5963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5963"
}
],
"notes": [
{
"category": "general",
"text": "contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5963",
"url": "https://www.suse.com/security/cve/CVE-2015-5963"
},
{
"category": "external",
"summary": "SUSE Bug 941587 for CVE-2015-5963",
"url": "https://bugzilla.suse.com/941587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-5963"
},
{
"cve": "CVE-2016-7401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7401"
}
],
"notes": [
{
"category": "general",
"text": "The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7401",
"url": "https://www.suse.com/security/cve/CVE-2016-7401"
},
{
"category": "external",
"summary": "SUSE Bug 1001374 for CVE-2016-7401",
"url": "https://bugzilla.suse.com/1001374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-7401"
},
{
"cve": "CVE-2017-12794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12794"
}
],
"notes": [
{
"category": "general",
"text": "In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn\u0027t affect most production sites since you shouldn\u0027t run with \"DEBUG = True\" (which makes this page accessible) in your production settings.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12794",
"url": "https://www.suse.com/security/cve/CVE-2017-12794"
},
{
"category": "external",
"summary": "SUSE Bug 1056284 for CVE-2017-12794",
"url": "https://bugzilla.suse.com/1056284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12794"
},
{
"cve": "CVE-2017-7233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7233"
}
],
"notes": [
{
"category": "general",
"text": "Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \"on success\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \"safe\" when they shouldn\u0027t be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7233",
"url": "https://www.suse.com/security/cve/CVE-2017-7233"
},
{
"category": "external",
"summary": "SUSE Bug 1031450 for CVE-2017-7233",
"url": "https://bugzilla.suse.com/1031450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-7233"
},
{
"cve": "CVE-2017-7234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7234"
}
],
"notes": [
{
"category": "general",
"text": "A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7234",
"url": "https://www.suse.com/security/cve/CVE-2017-7234"
},
{
"category": "external",
"summary": "SUSE Bug 1031451 for CVE-2017-7234",
"url": "https://bugzilla.suse.com/1031451"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-7234"
},
{
"cve": "CVE-2018-16984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16984"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the \"view\" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16984",
"url": "https://www.suse.com/security/cve/CVE-2018-16984"
},
{
"category": "external",
"summary": "SUSE Bug 1109621 for CVE-2018-16984",
"url": "https://bugzilla.suse.com/1109621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16984"
},
{
"cve": "CVE-2018-6188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6188"
}
],
"notes": [
{
"category": "general",
"text": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6188",
"url": "https://www.suse.com/security/cve/CVE-2018-6188"
},
{
"category": "external",
"summary": "SUSE Bug 1077714 for CVE-2018-6188",
"url": "https://bugzilla.suse.com/1077714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-6188"
},
{
"cve": "CVE-2018-7536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7536"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7536",
"url": "https://www.suse.com/security/cve/CVE-2018-7536"
},
{
"category": "external",
"summary": "SUSE Bug 1083304 for CVE-2018-7536",
"url": "https://bugzilla.suse.com/1083304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7536"
},
{
"cve": "CVE-2018-7537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7537"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator\u0027s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7537",
"url": "https://www.suse.com/security/cve/CVE-2018-7537"
},
{
"category": "external",
"summary": "SUSE Bug 1083305 for CVE-2018-7537",
"url": "https://bugzilla.suse.com/1083305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7537"
},
{
"cve": "CVE-2019-11358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11358",
"url": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2019-12308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12308"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12308",
"url": "https://www.suse.com/security/cve/CVE-2019-12308"
},
{
"category": "external",
"summary": "SUSE Bug 1136468 for CVE-2019-12308",
"url": "https://bugzilla.suse.com/1136468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12308"
},
{
"cve": "CVE-2019-12781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12781"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12781",
"url": "https://www.suse.com/security/cve/CVE-2019-12781"
},
{
"category": "external",
"summary": "SUSE Bug 1124991 for CVE-2019-12781",
"url": "https://bugzilla.suse.com/1124991"
},
{
"category": "external",
"summary": "SUSE Bug 1139945 for CVE-2019-12781",
"url": "https://bugzilla.suse.com/1139945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12781"
},
{
"cve": "CVE-2019-14232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14232"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator\u0027s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14232",
"url": "https://www.suse.com/security/cve/CVE-2019-14232"
},
{
"category": "external",
"summary": "SUSE Bug 1142880 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1142880"
},
{
"category": "external",
"summary": "SUSE Bug 1215978 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1215978"
},
{
"category": "external",
"summary": "SUSE Bug 1220358 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1220358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14232"
},
{
"cve": "CVE-2019-19118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19118"
}
],
"notes": [
{
"category": "general",
"text": "Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model\u0027s save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19118",
"url": "https://www.suse.com/security/cve/CVE-2019-19118"
},
{
"category": "external",
"summary": "SUSE Bug 1157705 for CVE-2019-19118",
"url": "https://bugzilla.suse.com/1157705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19118"
},
{
"cve": "CVE-2019-19844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19844"
}
],
"notes": [
{
"category": "general",
"text": "Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user\u0027s email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19844",
"url": "https://www.suse.com/security/cve/CVE-2019-19844"
},
{
"category": "external",
"summary": "SUSE Bug 1159447 for CVE-2019-19844",
"url": "https://bugzilla.suse.com/1159447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19844"
},
{
"cve": "CVE-2019-3498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3498"
}
],
"notes": [
{
"category": "general",
"text": "In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3498",
"url": "https://www.suse.com/security/cve/CVE-2019-3498"
},
{
"category": "external",
"summary": "SUSE Bug 1120932 for CVE-2019-3498",
"url": "https://bugzilla.suse.com/1120932"
},
{
"category": "external",
"summary": "SUSE Bug 1139945 for CVE-2019-3498",
"url": "https://bugzilla.suse.com/1139945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-3498"
},
{
"cve": "CVE-2019-6975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6975"
}
],
"notes": [
{
"category": "general",
"text": "Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6975",
"url": "https://www.suse.com/security/cve/CVE-2019-6975"
},
{
"category": "external",
"summary": "SUSE Bug 1124991 for CVE-2019-6975",
"url": "https://bugzilla.suse.com/1124991"
},
{
"category": "external",
"summary": "SUSE Bug 1139945 for CVE-2019-6975",
"url": "https://bugzilla.suse.com/1139945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6975"
},
{
"cve": "CVE-2020-13254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13254"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13254",
"url": "https://www.suse.com/security/cve/CVE-2020-13254"
},
{
"category": "external",
"summary": "SUSE Bug 1172166 for CVE-2020-13254",
"url": "https://bugzilla.suse.com/1172166"
},
{
"category": "external",
"summary": "SUSE Bug 1172167 for CVE-2020-13254",
"url": "https://bugzilla.suse.com/1172167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-13254"
},
{
"cve": "CVE-2020-13596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13596"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13596",
"url": "https://www.suse.com/security/cve/CVE-2020-13596"
},
{
"category": "external",
"summary": "SUSE Bug 1172166 for CVE-2020-13596",
"url": "https://bugzilla.suse.com/1172166"
},
{
"category": "external",
"summary": "SUSE Bug 1172167 for CVE-2020-13596",
"url": "https://bugzilla.suse.com/1172167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-13596"
},
{
"cve": "CVE-2020-24583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24583",
"url": "https://www.suse.com/security/cve/CVE-2020-24583"
},
{
"category": "external",
"summary": "SUSE Bug 1175784 for CVE-2020-24583",
"url": "https://bugzilla.suse.com/1175784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-24583"
},
{
"cve": "CVE-2020-24584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24584"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system\u0027s standard umask rather than 0o077.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24584",
"url": "https://www.suse.com/security/cve/CVE-2020-24584"
},
{
"category": "external",
"summary": "SUSE Bug 1175784 for CVE-2020-24584",
"url": "https://bugzilla.suse.com/1175784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-24584"
},
{
"cve": "CVE-2020-7471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7471"
}
],
"notes": [
{
"category": "general",
"text": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7471",
"url": "https://www.suse.com/security/cve/CVE-2020-7471"
},
{
"category": "external",
"summary": "SUSE Bug 1161919 for CVE-2020-7471",
"url": "https://bugzilla.suse.com/1161919"
},
{
"category": "external",
"summary": "SUSE Bug 1161920 for CVE-2020-7471",
"url": "https://bugzilla.suse.com/1161920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-7471"
},
{
"cve": "CVE-2020-9402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-9402"
}
],
"notes": [
{
"category": "general",
"text": "Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-9402",
"url": "https://www.suse.com/security/cve/CVE-2020-9402"
},
{
"category": "external",
"summary": "SUSE Bug 1165022 for CVE-2020-9402",
"url": "https://bugzilla.suse.com/1165022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-9402"
},
{
"cve": "CVE-2021-31542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31542"
}
],
"notes": [
{
"category": "general",
"text": "In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31542",
"url": "https://www.suse.com/security/cve/CVE-2021-31542"
},
{
"category": "external",
"summary": "SUSE Bug 1185623 for CVE-2021-31542",
"url": "https://bugzilla.suse.com/1185623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31542"
},
{
"cve": "CVE-2021-32052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32052"
}
],
"notes": [
{
"category": "general",
"text": "In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32052",
"url": "https://www.suse.com/security/cve/CVE-2021-32052"
},
{
"category": "external",
"summary": "SUSE Bug 1185713 for CVE-2021-32052",
"url": "https://bugzilla.suse.com/1185713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-32052"
},
{
"cve": "CVE-2021-33203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33203"
}
],
"notes": [
{
"category": "general",
"text": "Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33203",
"url": "https://www.suse.com/security/cve/CVE-2021-33203"
},
{
"category": "external",
"summary": "SUSE Bug 1186608 for CVE-2021-33203",
"url": "https://bugzilla.suse.com/1186608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33203"
},
{
"cve": "CVE-2021-33571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33571"
}
],
"notes": [
{
"category": "general",
"text": "In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33571",
"url": "https://www.suse.com/security/cve/CVE-2021-33571"
},
{
"category": "external",
"summary": "SUSE Bug 1186611 for CVE-2021-33571",
"url": "https://bugzilla.suse.com/1186611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33571"
},
{
"cve": "CVE-2021-35042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-35042"
}
],
"notes": [
{
"category": "general",
"text": "Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-35042",
"url": "https://www.suse.com/security/cve/CVE-2021-35042"
},
{
"category": "external",
"summary": "SUSE Bug 1187785 for CVE-2021-35042",
"url": "https://bugzilla.suse.com/1187785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python36-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python38-Django-3.2.7-2.3.x86_64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.aarch64",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.ppc64le",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.s390x",
"openSUSE Tumbleweed:python39-Django-3.2.7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2021-35042"
}
]
}
OPENSUSE-SU-2024:11242-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
jupyter-notebook-6.2.0-1.4 on GA media
Severity
Moderate
Notes
Title of the patch: jupyter-notebook-6.2.0-1.4 on GA media
Description of the patch: These are all security issues fixed in the jupyter-notebook-6.2.0-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11242
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Affected products
Recommended
36 products
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
36 products
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
36 products
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
36 products
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jupyter-notebook-6.2.0-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jupyter-notebook-6.2.0-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11242",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11242-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6524 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9971 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14041 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8768 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10255 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11358/"
}
],
"title": "jupyter-notebook-6.2.0-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11242-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-6.2.0-1.4.aarch64",
"product": {
"name": "jupyter-notebook-6.2.0-1.4.aarch64",
"product_id": "jupyter-notebook-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-6.2.0-1.4.aarch64",
"product": {
"name": "jupyter-notebook-lang-6.2.0-1.4.aarch64",
"product_id": "jupyter-notebook-lang-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-6.2.0-1.4.aarch64",
"product": {
"name": "jupyter-notebook-latex-6.2.0-1.4.aarch64",
"product_id": "jupyter-notebook-latex-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python36-notebook-6.2.0-1.4.aarch64",
"product": {
"name": "python36-notebook-6.2.0-1.4.aarch64",
"product_id": "python36-notebook-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python36-notebook-lang-6.2.0-1.4.aarch64",
"product": {
"name": "python36-notebook-lang-6.2.0-1.4.aarch64",
"product_id": "python36-notebook-lang-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python38-notebook-6.2.0-1.4.aarch64",
"product": {
"name": "python38-notebook-6.2.0-1.4.aarch64",
"product_id": "python38-notebook-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python38-notebook-lang-6.2.0-1.4.aarch64",
"product": {
"name": "python38-notebook-lang-6.2.0-1.4.aarch64",
"product_id": "python38-notebook-lang-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-notebook-6.2.0-1.4.aarch64",
"product": {
"name": "python39-notebook-6.2.0-1.4.aarch64",
"product_id": "python39-notebook-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-notebook-lang-6.2.0-1.4.aarch64",
"product": {
"name": "python39-notebook-lang-6.2.0-1.4.aarch64",
"product_id": "python39-notebook-lang-6.2.0-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-6.2.0-1.4.ppc64le",
"product": {
"name": "jupyter-notebook-6.2.0-1.4.ppc64le",
"product_id": "jupyter-notebook-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"product": {
"name": "jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"product_id": "jupyter-notebook-lang-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"product": {
"name": "jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"product_id": "jupyter-notebook-latex-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-notebook-6.2.0-1.4.ppc64le",
"product": {
"name": "python36-notebook-6.2.0-1.4.ppc64le",
"product_id": "python36-notebook-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-notebook-lang-6.2.0-1.4.ppc64le",
"product": {
"name": "python36-notebook-lang-6.2.0-1.4.ppc64le",
"product_id": "python36-notebook-lang-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-notebook-6.2.0-1.4.ppc64le",
"product": {
"name": "python38-notebook-6.2.0-1.4.ppc64le",
"product_id": "python38-notebook-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-notebook-lang-6.2.0-1.4.ppc64le",
"product": {
"name": "python38-notebook-lang-6.2.0-1.4.ppc64le",
"product_id": "python38-notebook-lang-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-notebook-6.2.0-1.4.ppc64le",
"product": {
"name": "python39-notebook-6.2.0-1.4.ppc64le",
"product_id": "python39-notebook-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-notebook-lang-6.2.0-1.4.ppc64le",
"product": {
"name": "python39-notebook-lang-6.2.0-1.4.ppc64le",
"product_id": "python39-notebook-lang-6.2.0-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-6.2.0-1.4.s390x",
"product": {
"name": "jupyter-notebook-6.2.0-1.4.s390x",
"product_id": "jupyter-notebook-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-6.2.0-1.4.s390x",
"product": {
"name": "jupyter-notebook-lang-6.2.0-1.4.s390x",
"product_id": "jupyter-notebook-lang-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-6.2.0-1.4.s390x",
"product": {
"name": "jupyter-notebook-latex-6.2.0-1.4.s390x",
"product_id": "jupyter-notebook-latex-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python36-notebook-6.2.0-1.4.s390x",
"product": {
"name": "python36-notebook-6.2.0-1.4.s390x",
"product_id": "python36-notebook-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python36-notebook-lang-6.2.0-1.4.s390x",
"product": {
"name": "python36-notebook-lang-6.2.0-1.4.s390x",
"product_id": "python36-notebook-lang-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python38-notebook-6.2.0-1.4.s390x",
"product": {
"name": "python38-notebook-6.2.0-1.4.s390x",
"product_id": "python38-notebook-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python38-notebook-lang-6.2.0-1.4.s390x",
"product": {
"name": "python38-notebook-lang-6.2.0-1.4.s390x",
"product_id": "python38-notebook-lang-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-notebook-6.2.0-1.4.s390x",
"product": {
"name": "python39-notebook-6.2.0-1.4.s390x",
"product_id": "python39-notebook-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-notebook-lang-6.2.0-1.4.s390x",
"product": {
"name": "python39-notebook-lang-6.2.0-1.4.s390x",
"product_id": "python39-notebook-lang-6.2.0-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-6.2.0-1.4.x86_64",
"product": {
"name": "jupyter-notebook-6.2.0-1.4.x86_64",
"product_id": "jupyter-notebook-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-6.2.0-1.4.x86_64",
"product": {
"name": "jupyter-notebook-lang-6.2.0-1.4.x86_64",
"product_id": "jupyter-notebook-lang-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-6.2.0-1.4.x86_64",
"product": {
"name": "jupyter-notebook-latex-6.2.0-1.4.x86_64",
"product_id": "jupyter-notebook-latex-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python36-notebook-6.2.0-1.4.x86_64",
"product": {
"name": "python36-notebook-6.2.0-1.4.x86_64",
"product_id": "python36-notebook-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python36-notebook-lang-6.2.0-1.4.x86_64",
"product": {
"name": "python36-notebook-lang-6.2.0-1.4.x86_64",
"product_id": "python36-notebook-lang-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python38-notebook-6.2.0-1.4.x86_64",
"product": {
"name": "python38-notebook-6.2.0-1.4.x86_64",
"product_id": "python38-notebook-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python38-notebook-lang-6.2.0-1.4.x86_64",
"product": {
"name": "python38-notebook-lang-6.2.0-1.4.x86_64",
"product_id": "python38-notebook-lang-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-notebook-6.2.0-1.4.x86_64",
"product": {
"name": "python39-notebook-6.2.0-1.4.x86_64",
"product_id": "python39-notebook-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-notebook-lang-6.2.0-1.4.x86_64",
"product": {
"name": "python39-notebook-lang-6.2.0-1.4.x86_64",
"product_id": "python39-notebook-lang-6.2.0-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64"
},
"product_reference": "jupyter-notebook-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le"
},
"product_reference": "jupyter-notebook-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x"
},
"product_reference": "jupyter-notebook-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64"
},
"product_reference": "jupyter-notebook-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64"
},
"product_reference": "jupyter-notebook-lang-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le"
},
"product_reference": "jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x"
},
"product_reference": "jupyter-notebook-lang-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64"
},
"product_reference": "jupyter-notebook-lang-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64"
},
"product_reference": "jupyter-notebook-latex-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le"
},
"product_reference": "jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x"
},
"product_reference": "jupyter-notebook-latex-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64"
},
"product_reference": "jupyter-notebook-latex-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64"
},
"product_reference": "python36-notebook-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le"
},
"product_reference": "python36-notebook-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x"
},
"product_reference": "python36-notebook-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64"
},
"product_reference": "python36-notebook-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-lang-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64"
},
"product_reference": "python36-notebook-lang-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-lang-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le"
},
"product_reference": "python36-notebook-lang-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-lang-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x"
},
"product_reference": "python36-notebook-lang-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-lang-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64"
},
"product_reference": "python36-notebook-lang-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64"
},
"product_reference": "python38-notebook-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le"
},
"product_reference": "python38-notebook-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x"
},
"product_reference": "python38-notebook-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64"
},
"product_reference": "python38-notebook-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-lang-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64"
},
"product_reference": "python38-notebook-lang-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-lang-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le"
},
"product_reference": "python38-notebook-lang-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-lang-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x"
},
"product_reference": "python38-notebook-lang-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-lang-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64"
},
"product_reference": "python38-notebook-lang-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64"
},
"product_reference": "python39-notebook-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le"
},
"product_reference": "python39-notebook-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x"
},
"product_reference": "python39-notebook-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64"
},
"product_reference": "python39-notebook-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-lang-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64"
},
"product_reference": "python39-notebook-lang-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-lang-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le"
},
"product_reference": "python39-notebook-lang-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-lang-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x"
},
"product_reference": "python39-notebook-lang-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-lang-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
},
"product_reference": "python39-notebook-lang-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-6524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6524"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6524",
"url": "https://www.suse.com/security/cve/CVE-2016-6524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-6524"
},
{
"cve": "CVE-2016-9971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9971"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9971",
"url": "https://www.suse.com/security/cve/CVE-2016-9971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9971"
},
{
"cve": "CVE-2018-14041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14041"
}
],
"notes": [
{
"category": "general",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14041",
"url": "https://www.suse.com/security/cve/CVE-2018-14041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14041"
},
{
"cve": "CVE-2018-8768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8768"
}
],
"notes": [
{
"category": "general",
"text": "In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is \u0027fixed\u0027 by jQuery after sanitization, making it dangerous.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8768",
"url": "https://www.suse.com/security/cve/CVE-2018-8768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-8768"
},
{
"cve": "CVE-2019-10255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10255"
}
],
"notes": [
{
"category": "general",
"text": "An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10255",
"url": "https://www.suse.com/security/cve/CVE-2019-10255"
},
{
"category": "external",
"summary": "SUSE Bug 1131105 for CVE-2019-10255",
"url": "https://bugzilla.suse.com/1131105"
},
{
"category": "external",
"summary": "SUSE Bug 1131652 for CVE-2019-10255",
"url": "https://bugzilla.suse.com/1131652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-10255"
},
{
"cve": "CVE-2019-11358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11358",
"url": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11358"
}
]
}
OPENSUSE-SU-2024:13887-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
python310-Django-4.2.11-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: python310-Django-4.2.11-2.1 on GA media
Description of the patch: These are all security issues fixed in the python310-Django-4.2.11-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13887
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Threats
Impact
important
Threats
Impact
moderate
6.1 (Medium)
Threats
Impact
moderate
6.1 (Medium)
Threats
Impact
moderate
6.1 (Medium)
Threats
Impact
low
6.1 (Medium)
Threats
Impact
low
5.3 (Medium)
Threats
Impact
moderate
7.5 (High)
Threats
Impact
important
5.3 (Medium)
Threats
Impact
moderate
5.3 (Medium)
Threats
Impact
moderate
6.1 (Medium)
Threats
Impact
moderate
6.1 (Medium)
Threats
Impact
moderate
6.5 (Medium)
Threats
Impact
moderate
7.5 (High)
Threats
Impact
important
6.5 (Medium)
Threats
Impact
moderate
6.5 (Medium)
Threats
Impact
moderate
4.3 (Medium)
Threats
Impact
low
5.9 (Medium)
Threats
Impact
moderate
5.9 (Medium)
Threats
Impact
moderate
6.4 (Medium)
Threats
Impact
moderate
7.5 (High)
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.6 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.6 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
4.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
References
99 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-Django-4.2.11-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-Django-4.2.11-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13887",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13887-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3982 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5145 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5963 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7401 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12794 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7233 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7234 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16984 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7536 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7537 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12308 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12781 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14232 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19118 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19844 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6975 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13254 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13596 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24583 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24584 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7471 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-9402 page",
"url": "https://www.suse.com/security/cve/CVE-2020-9402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31542 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32052 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33203 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33571 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-35042 page",
"url": "https://www.suse.com/security/cve/CVE-2021-35042/"
}
],
"title": "python310-Django-4.2.11-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13887-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-Django-4.2.11-2.1.aarch64",
"product": {
"name": "python310-Django-4.2.11-2.1.aarch64",
"product_id": "python310-Django-4.2.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-Django-4.2.11-2.1.aarch64",
"product": {
"name": "python311-Django-4.2.11-2.1.aarch64",
"product_id": "python311-Django-4.2.11-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-Django-4.2.11-2.1.aarch64",
"product": {
"name": "python312-Django-4.2.11-2.1.aarch64",
"product_id": "python312-Django-4.2.11-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Django-4.2.11-2.1.ppc64le",
"product": {
"name": "python310-Django-4.2.11-2.1.ppc64le",
"product_id": "python310-Django-4.2.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-Django-4.2.11-2.1.ppc64le",
"product": {
"name": "python311-Django-4.2.11-2.1.ppc64le",
"product_id": "python311-Django-4.2.11-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-Django-4.2.11-2.1.ppc64le",
"product": {
"name": "python312-Django-4.2.11-2.1.ppc64le",
"product_id": "python312-Django-4.2.11-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Django-4.2.11-2.1.s390x",
"product": {
"name": "python310-Django-4.2.11-2.1.s390x",
"product_id": "python310-Django-4.2.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-Django-4.2.11-2.1.s390x",
"product": {
"name": "python311-Django-4.2.11-2.1.s390x",
"product_id": "python311-Django-4.2.11-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-Django-4.2.11-2.1.s390x",
"product": {
"name": "python312-Django-4.2.11-2.1.s390x",
"product_id": "python312-Django-4.2.11-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-Django-4.2.11-2.1.x86_64",
"product": {
"name": "python310-Django-4.2.11-2.1.x86_64",
"product_id": "python310-Django-4.2.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-Django-4.2.11-2.1.x86_64",
"product": {
"name": "python311-Django-4.2.11-2.1.x86_64",
"product_id": "python311-Django-4.2.11-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-Django-4.2.11-2.1.x86_64",
"product": {
"name": "python312-Django-4.2.11-2.1.x86_64",
"product_id": "python312-Django-4.2.11-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Django-4.2.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64"
},
"product_reference": "python310-Django-4.2.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Django-4.2.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le"
},
"product_reference": "python310-Django-4.2.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Django-4.2.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x"
},
"product_reference": "python310-Django-4.2.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-Django-4.2.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64"
},
"product_reference": "python310-Django-4.2.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Django-4.2.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64"
},
"product_reference": "python311-Django-4.2.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Django-4.2.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le"
},
"product_reference": "python311-Django-4.2.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Django-4.2.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x"
},
"product_reference": "python311-Django-4.2.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Django-4.2.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64"
},
"product_reference": "python311-Django-4.2.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Django-4.2.11-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64"
},
"product_reference": "python312-Django-4.2.11-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Django-4.2.11-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le"
},
"product_reference": "python312-Django-4.2.11-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Django-4.2.11-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x"
},
"product_reference": "python312-Django-4.2.11-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Django-4.2.11-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
},
"product_reference": "python312-Django-4.2.11-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3982"
}
],
"notes": [
{
"category": "general",
"text": "The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3982",
"url": "https://www.suse.com/security/cve/CVE-2015-3982"
},
{
"category": "external",
"summary": "SUSE Bug 932265 for CVE-2015-3982",
"url": "https://bugzilla.suse.com/932265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3982"
},
{
"cve": "CVE-2015-5145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5145"
}
],
"notes": [
{
"category": "general",
"text": "validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5145",
"url": "https://www.suse.com/security/cve/CVE-2015-5145"
},
{
"category": "external",
"summary": "SUSE Bug 937524 for CVE-2015-5145",
"url": "https://bugzilla.suse.com/937524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-5145"
},
{
"cve": "CVE-2015-5963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5963"
}
],
"notes": [
{
"category": "general",
"text": "contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5963",
"url": "https://www.suse.com/security/cve/CVE-2015-5963"
},
{
"category": "external",
"summary": "SUSE Bug 941587 for CVE-2015-5963",
"url": "https://bugzilla.suse.com/941587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-5963"
},
{
"cve": "CVE-2016-7401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7401"
}
],
"notes": [
{
"category": "general",
"text": "The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7401",
"url": "https://www.suse.com/security/cve/CVE-2016-7401"
},
{
"category": "external",
"summary": "SUSE Bug 1001374 for CVE-2016-7401",
"url": "https://bugzilla.suse.com/1001374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-7401"
},
{
"cve": "CVE-2017-12794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12794"
}
],
"notes": [
{
"category": "general",
"text": "In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn\u0027t affect most production sites since you shouldn\u0027t run with \"DEBUG = True\" (which makes this page accessible) in your production settings.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12794",
"url": "https://www.suse.com/security/cve/CVE-2017-12794"
},
{
"category": "external",
"summary": "SUSE Bug 1056284 for CVE-2017-12794",
"url": "https://bugzilla.suse.com/1056284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12794"
},
{
"cve": "CVE-2017-7233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7233"
}
],
"notes": [
{
"category": "general",
"text": "Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \"on success\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \"safe\" when they shouldn\u0027t be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7233",
"url": "https://www.suse.com/security/cve/CVE-2017-7233"
},
{
"category": "external",
"summary": "SUSE Bug 1031450 for CVE-2017-7233",
"url": "https://bugzilla.suse.com/1031450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-7233"
},
{
"cve": "CVE-2017-7234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7234"
}
],
"notes": [
{
"category": "general",
"text": "A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7234",
"url": "https://www.suse.com/security/cve/CVE-2017-7234"
},
{
"category": "external",
"summary": "SUSE Bug 1031451 for CVE-2017-7234",
"url": "https://bugzilla.suse.com/1031451"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-7234"
},
{
"cve": "CVE-2018-16984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16984"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the \"view\" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16984",
"url": "https://www.suse.com/security/cve/CVE-2018-16984"
},
{
"category": "external",
"summary": "SUSE Bug 1109621 for CVE-2018-16984",
"url": "https://bugzilla.suse.com/1109621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16984"
},
{
"cve": "CVE-2018-6188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6188"
}
],
"notes": [
{
"category": "general",
"text": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6188",
"url": "https://www.suse.com/security/cve/CVE-2018-6188"
},
{
"category": "external",
"summary": "SUSE Bug 1077714 for CVE-2018-6188",
"url": "https://bugzilla.suse.com/1077714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-6188"
},
{
"cve": "CVE-2018-7536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7536"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7536",
"url": "https://www.suse.com/security/cve/CVE-2018-7536"
},
{
"category": "external",
"summary": "SUSE Bug 1083304 for CVE-2018-7536",
"url": "https://bugzilla.suse.com/1083304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7536"
},
{
"cve": "CVE-2018-7537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7537"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator\u0027s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7537",
"url": "https://www.suse.com/security/cve/CVE-2018-7537"
},
{
"category": "external",
"summary": "SUSE Bug 1083305 for CVE-2018-7537",
"url": "https://bugzilla.suse.com/1083305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7537"
},
{
"cve": "CVE-2019-11358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11358",
"url": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2019-12308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12308"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12308",
"url": "https://www.suse.com/security/cve/CVE-2019-12308"
},
{
"category": "external",
"summary": "SUSE Bug 1136468 for CVE-2019-12308",
"url": "https://bugzilla.suse.com/1136468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12308"
},
{
"cve": "CVE-2019-12781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12781"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12781",
"url": "https://www.suse.com/security/cve/CVE-2019-12781"
},
{
"category": "external",
"summary": "SUSE Bug 1124991 for CVE-2019-12781",
"url": "https://bugzilla.suse.com/1124991"
},
{
"category": "external",
"summary": "SUSE Bug 1139945 for CVE-2019-12781",
"url": "https://bugzilla.suse.com/1139945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12781"
},
{
"cve": "CVE-2019-14232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14232"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator\u0027s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14232",
"url": "https://www.suse.com/security/cve/CVE-2019-14232"
},
{
"category": "external",
"summary": "SUSE Bug 1142880 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1142880"
},
{
"category": "external",
"summary": "SUSE Bug 1215978 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1215978"
},
{
"category": "external",
"summary": "SUSE Bug 1220358 for CVE-2019-14232",
"url": "https://bugzilla.suse.com/1220358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14232"
},
{
"cve": "CVE-2019-19118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19118"
}
],
"notes": [
{
"category": "general",
"text": "Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model\u0027s save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19118",
"url": "https://www.suse.com/security/cve/CVE-2019-19118"
},
{
"category": "external",
"summary": "SUSE Bug 1157705 for CVE-2019-19118",
"url": "https://bugzilla.suse.com/1157705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19118"
},
{
"cve": "CVE-2019-19844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19844"
}
],
"notes": [
{
"category": "general",
"text": "Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user\u0027s email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19844",
"url": "https://www.suse.com/security/cve/CVE-2019-19844"
},
{
"category": "external",
"summary": "SUSE Bug 1159447 for CVE-2019-19844",
"url": "https://bugzilla.suse.com/1159447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19844"
},
{
"cve": "CVE-2019-3498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3498"
}
],
"notes": [
{
"category": "general",
"text": "In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3498",
"url": "https://www.suse.com/security/cve/CVE-2019-3498"
},
{
"category": "external",
"summary": "SUSE Bug 1120932 for CVE-2019-3498",
"url": "https://bugzilla.suse.com/1120932"
},
{
"category": "external",
"summary": "SUSE Bug 1139945 for CVE-2019-3498",
"url": "https://bugzilla.suse.com/1139945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-3498"
},
{
"cve": "CVE-2019-6975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6975"
}
],
"notes": [
{
"category": "general",
"text": "Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6975",
"url": "https://www.suse.com/security/cve/CVE-2019-6975"
},
{
"category": "external",
"summary": "SUSE Bug 1124991 for CVE-2019-6975",
"url": "https://bugzilla.suse.com/1124991"
},
{
"category": "external",
"summary": "SUSE Bug 1139945 for CVE-2019-6975",
"url": "https://bugzilla.suse.com/1139945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6975"
},
{
"cve": "CVE-2020-13254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13254"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13254",
"url": "https://www.suse.com/security/cve/CVE-2020-13254"
},
{
"category": "external",
"summary": "SUSE Bug 1172166 for CVE-2020-13254",
"url": "https://bugzilla.suse.com/1172166"
},
{
"category": "external",
"summary": "SUSE Bug 1172167 for CVE-2020-13254",
"url": "https://bugzilla.suse.com/1172167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-13254"
},
{
"cve": "CVE-2020-13596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13596"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13596",
"url": "https://www.suse.com/security/cve/CVE-2020-13596"
},
{
"category": "external",
"summary": "SUSE Bug 1172166 for CVE-2020-13596",
"url": "https://bugzilla.suse.com/1172166"
},
{
"category": "external",
"summary": "SUSE Bug 1172167 for CVE-2020-13596",
"url": "https://bugzilla.suse.com/1172167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-13596"
},
{
"cve": "CVE-2020-24583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24583",
"url": "https://www.suse.com/security/cve/CVE-2020-24583"
},
{
"category": "external",
"summary": "SUSE Bug 1175784 for CVE-2020-24583",
"url": "https://bugzilla.suse.com/1175784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-24583"
},
{
"cve": "CVE-2020-24584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24584"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system\u0027s standard umask rather than 0o077.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24584",
"url": "https://www.suse.com/security/cve/CVE-2020-24584"
},
{
"category": "external",
"summary": "SUSE Bug 1175784 for CVE-2020-24584",
"url": "https://bugzilla.suse.com/1175784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-24584"
},
{
"cve": "CVE-2020-7471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7471"
}
],
"notes": [
{
"category": "general",
"text": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7471",
"url": "https://www.suse.com/security/cve/CVE-2020-7471"
},
{
"category": "external",
"summary": "SUSE Bug 1161919 for CVE-2020-7471",
"url": "https://bugzilla.suse.com/1161919"
},
{
"category": "external",
"summary": "SUSE Bug 1161920 for CVE-2020-7471",
"url": "https://bugzilla.suse.com/1161920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-7471"
},
{
"cve": "CVE-2020-9402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-9402"
}
],
"notes": [
{
"category": "general",
"text": "Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-9402",
"url": "https://www.suse.com/security/cve/CVE-2020-9402"
},
{
"category": "external",
"summary": "SUSE Bug 1165022 for CVE-2020-9402",
"url": "https://bugzilla.suse.com/1165022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-9402"
},
{
"cve": "CVE-2021-31542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31542"
}
],
"notes": [
{
"category": "general",
"text": "In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31542",
"url": "https://www.suse.com/security/cve/CVE-2021-31542"
},
{
"category": "external",
"summary": "SUSE Bug 1185623 for CVE-2021-31542",
"url": "https://bugzilla.suse.com/1185623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31542"
},
{
"cve": "CVE-2021-32052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32052"
}
],
"notes": [
{
"category": "general",
"text": "In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32052",
"url": "https://www.suse.com/security/cve/CVE-2021-32052"
},
{
"category": "external",
"summary": "SUSE Bug 1185713 for CVE-2021-32052",
"url": "https://bugzilla.suse.com/1185713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-32052"
},
{
"cve": "CVE-2021-33203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33203"
}
],
"notes": [
{
"category": "general",
"text": "Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33203",
"url": "https://www.suse.com/security/cve/CVE-2021-33203"
},
{
"category": "external",
"summary": "SUSE Bug 1186608 for CVE-2021-33203",
"url": "https://bugzilla.suse.com/1186608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33203"
},
{
"cve": "CVE-2021-33571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33571"
}
],
"notes": [
{
"category": "general",
"text": "In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33571",
"url": "https://www.suse.com/security/cve/CVE-2021-33571"
},
{
"category": "external",
"summary": "SUSE Bug 1186611 for CVE-2021-33571",
"url": "https://bugzilla.suse.com/1186611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33571"
},
{
"cve": "CVE-2021-35042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-35042"
}
],
"notes": [
{
"category": "general",
"text": "Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-35042",
"url": "https://www.suse.com/security/cve/CVE-2021-35042"
},
{
"category": "external",
"summary": "SUSE Bug 1187785 for CVE-2021-35042",
"url": "https://bugzilla.suse.com/1187785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python310-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python311-Django-4.2.11-2.1.x86_64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.aarch64",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.ppc64le",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.s390x",
"openSUSE Tumbleweed:python312-Django-4.2.11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2021-35042"
}
]
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.