Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2022-1947
Vulnerability from csaf_certbund
Published
2019-06-11 22:00
Modified
2023-10-15 22:00
Summary
Red Hat Single Sign On: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Single Sign-On ist ein eigenständiger Server, basierend auf dem Keycloak Projekt.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat Single Sign On ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, einen Denial of Service Zustand hervorzurufen, Informationen auszuspähen, Sicherheitsvorkehrungen zu umgehen oder beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Single Sign-On ist ein eigenst\u00e4ndiger Server, basierend auf dem Keycloak Projekt.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Single Sign On ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, einen Denial of Service Zustand hervorzurufen, Informationen auszusp\u00e4hen, Sicherheitsvorkehrungen zu umgehen oder beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1947 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-1947.json" }, { "category": "self", "summary": "WID-SEC-2022-1947 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1947" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5693 vom 2023-10-16", "url": "https://access.redhat.com/errata/RHSA-2023:5693" }, { "category": "external", "summary": "Red Hat Security Advisory: RHSA-2019:1456 vom 2019-06-11", "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2439 vom 2019-08-12", "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0132 vom 2020-01-16", "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0133 vom 2020-01-16", "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2587 vom 2019-09-05", "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3023 vom 2019-10-10", "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3024 vom 2019-10-10", "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "category": "external", "summary": "PoC Collection \"awesome-cve-poc\" vom 2019-11-05", "url": "https://github.com/qazbnm456/awesome-cve-poc" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:1325 vom 2020-04-06", "url": "https://access.redhat.com/errata/RHSA-2020:1325" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:2412 vom 2020-07-13", "url": "https://access.redhat.com/errata/RHSA-2020:2412" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:3247 vom 2020-08-04", "url": "https://access.redhat.com/errata/RHSA-2020:3247" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:3936 vom 2020-09-29", "url": "https://access.redhat.com/errata/RHSA-2020:3936" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4670 vom 2020-11-04", "url": "https://access.redhat.com/errata/RHSA-2020:4670" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4847 vom 2020-11-04", "url": "https://access.redhat.com/errata/RHSA-2020:4847" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5581 vom 2020-12-16", "url": "https://access.redhat.com/errata/RHSA-2020:5581" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5571 vom 2020-12-16", "url": "https://access.redhat.com/errata/RHSA-2020:5571" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7343 vom 2022-11-02", "url": "https://access.redhat.com/errata/RHSA-2022:7343" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28", "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8848 vom 2022-12-08", "url": "https://access.redhat.com/errata/RHSA-2022:8848" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8865 vom 2022-12-08", "url": "https://access.redhat.com/errata/RHSA-2022:8865" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2023-1905 vom 2023-01-23", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1905.html" } ], "source_lang": "en-US", "title": "Red Hat Single Sign On: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-10-15T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:02:26.294+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1947", "initial_release_date": "2019-06-11T22:00:00.000+00:00", "revision_history": [ { "date": "2019-06-11T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2019-08-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-09-04T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-10-10T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-11-05T23:00:00.000+00:00", "number": "5", "summary": "Exploit aufgenommen" }, { "date": "2020-01-16T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-04-05T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-07-13T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-08-04T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-09-29T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-11-03T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-12-16T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-02T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-28T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-07T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-01-23T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-10-15T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "17" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_name", "name": "Red Hat Single Sign On 7.3", "product": { "name": "Red Hat Single Sign On 7.3", "product_id": "T014361", "product_identification_helper": { "cpe": "cpe:/a:redhat:single_sign_on:7.3" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-10735", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstellen muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2016-10735" }, { "cve": "CVE-2018-14041", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstellen muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2018-14041" }, { "cve": "CVE-2018-20676", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstellen muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2018-20676" }, { "cve": "CVE-2018-20677", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstellen muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2018-20677" }, { "cve": "CVE-2019-3872", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstellen muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2019-3872" }, { "cve": "CVE-2019-3873", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstellen muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2019-3873" }, { "cve": "CVE-2019-8331", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstellen muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2019-8331" }, { "cve": "CVE-2019-3888", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existiert eine Schwachstelle. Die Schwachstelle existiert dadurch, dass der Undertow Web Server die Anmeldeinformation in Klartext in Log-Daten schreibt. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um diese Anmeldeinformationen offenzulegen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2019-3888" }, { "cve": "CVE-2019-3875", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existiert eine Schwachstelle. Die Schwachstelle existiert aufgrund einer unzureichenden Sperrpr\u00fcfung bei der Validierung von X.509-Zertifikaten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2019-3875" }, { "cve": "CVE-2019-10157", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existiert eine Schwachstelle. Die Schwachstelle existiert aufgrund einer fehlenden Validierung von Zertifikaten, in dessen Folge der Benutzer ausgeloggt wird und sich nicht mehr einloggen kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand zu erzeugen." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2019-10157" }, { "cve": "CVE-2019-11358", "notes": [ { "category": "description", "text": "In Red Hat Single Sign On existiert eine Schwachstelle. Die Schwachstelle existiert in der Komponente jQuery, welche anf\u00e4llig f\u00fcr einen prototype-pollution-Angriff ist. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder beliebigen Programmcode auszuf\u00fchren." } ], "product_status": { "known_affected": [ "T014361", "67646", "398363" ] }, "release_date": "2019-06-11T22:00:00Z", "title": "CVE-2019-11358" } ] }
cve-2019-11358
Vulnerability from cvelistv5
Published
2019-04-19 00:00
Modified
2024-11-15 15:11
Severity ?
EPSS score ?
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:48:09.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.drupal.org/sa-core-2019-006" }, { "tags": [ "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "name": "DSA-4434", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4434" }, { "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Apr/32" }, { "name": "108023", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108023" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { "name": "FEDORA-2019-eba8e44ee6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { "name": "FEDORA-2019-1a3edd7e8a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { "name": "FEDORA-2019-7eaf0bbe7c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { "name": "FEDORA-2019-2a0ce0c58c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { "name": "FEDORA-2019-a06dffab1c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { "name": "FEDORA-2019-f563e66380", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" }, { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "DSA-4460", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "name": "openSUSE-SU-2019:1839", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "name": "RHBA-2019:1570", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "openSUSE-SU-2019:1872", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E" }, { "name": "RHSA-2019:2587", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2019:3024", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2019-08" }, { "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E" }, { "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2020-02" }, { "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E" }, { "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E" }, { "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_transferred" ], "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "tags": [ "x_transferred" ], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "tags": [ "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jquery/jquery/pull/4333" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "tags": [ "x_transferred" ], "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_transferred" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_transferred" ], "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1" }, { "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-11358", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T15:03:16.892088Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:11:23.024Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-31T02:06:52.187292", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.drupal.org/sa-core-2019-006" }, { "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "name": "DSA-4434", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2019/dsa-4434" }, { "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", "tags": [ "mailing-list" ], "url": "https://seclists.org/bugtraq/2019/Apr/32" }, { "name": "108023", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/108023" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E" }, { "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { "name": "FEDORA-2019-eba8e44ee6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { "name": "FEDORA-2019-1a3edd7e8a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { "name": "FEDORA-2019-7eaf0bbe7c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { "name": "FEDORA-2019-2a0ce0c58c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { "name": "FEDORA-2019-a06dffab1c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { "name": "FEDORA-2019-f563e66380", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" }, { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list" ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "DSA-4460", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", "tags": [ "mailing-list" ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "name": "openSUSE-SU-2019:1839", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "name": "RHBA-2019:1570", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "openSUSE-SU-2019:1872", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E" }, { "name": "RHSA-2019:2587", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2019:3024", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E" }, { "url": "https://www.tenable.com/security/tns-2019-08" }, { "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E" }, { "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html" }, { "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "url": "https://www.tenable.com/security/tns-2020-02" }, { "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E" }, { "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E" }, { "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E" }, { "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "url": "https://github.com/jquery/jquery/pull/4333" }, { "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" }, { "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1" }, { "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11358", "datePublished": "2019-04-19T00:00:00", "dateReserved": "2019-04-19T00:00:00", "dateUpdated": "2024-11-15T15:11:23.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10157
Vulnerability from cvelistv5
Published
2019-06-12 13:48
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/108734 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:10:10.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157" }, { "name": "108734", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108734" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "keycloak", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "4.8.3" } ] } ], "descriptions": [ { "lang": "en", "value": "It was found that Keycloak\u0027s Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-12T14:06:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157" }, { "name": "108734", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108734" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-10157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "keycloak", "version": { "version_data": [ { "version_value": "4.8.3" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was found that Keycloak\u0027s Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely." } ] }, "impact": { "cvss": [ [ { "vectorString": "4.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-345" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157" }, { "name": "108734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108734" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10157", "datePublished": "2019-06-12T13:48:42", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:10:10.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20677
Vulnerability from cvelistv5
Published
2019-01-09 05:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:05:17.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/27045" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/pull/27047" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T17:07:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/27045" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/pull/27047" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2021-14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20677", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "name": "https://github.com/twbs/bootstrap/issues/27045", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27045" }, { "name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", "refsource": "MISC", "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "name": "https://github.com/twbs/bootstrap/pull/27047", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/27047" }, { "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" }, { "name": "RHSA-2019:1456", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E" }, { "name": "RHSA-2019:3023", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20677", "datePublished": "2019-01-09T05:00:00", "dateReserved": "2019-01-08T00:00:00", "dateUpdated": "2024-08-05T12:05:17.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10735
Vulnerability from cvelistv5
Published
2019-01-09 05:00
Modified
2024-08-06 03:30
Severity ?
EPSS score ?
Summary
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
References
▼ | URL | Tags |
---|---|---|
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 | x_refsource_MISC | |
https://github.com/twbs/bootstrap/pull/26460 | x_refsource_MISC | |
https://github.com/twbs/bootstrap/issues/20184 | x_refsource_MISC | |
https://github.com/twbs/bootstrap/pull/23687 | x_refsource_MISC | |
https://github.com/twbs/bootstrap/pull/23679 | x_refsource_MISC | |
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ | x_refsource_MISC | |
https://access.redhat.com/errata/RHSA-2019:1456 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHBA-2019:1076 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHBA-2019:1570 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:3023 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2020:0132 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2020:0133 | vendor-advisory, x_refsource_REDHAT | |
https://www.tenable.com/security/tns-2021-14 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:30:20.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/pull/26460" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/20184" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/pull/23687" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/pull/23679" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T17:06:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/pull/26460" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/20184" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/pull/23687" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/pull/23679" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2021-14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "name": "https://github.com/twbs/bootstrap/pull/26460", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26460" }, { "name": "https://github.com/twbs/bootstrap/issues/20184", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/20184" }, { "name": "https://github.com/twbs/bootstrap/pull/23687", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/23687" }, { "name": "https://github.com/twbs/bootstrap/pull/23679", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/23679" }, { "name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", "refsource": "MISC", "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "name": "RHSA-2019:1456", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "RHSA-2019:3023", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10735", "datePublished": "2019-01-09T05:00:00", "dateReserved": "2019-01-08T00:00:00", "dateUpdated": "2024-08-06T03:30:20.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20676
Vulnerability from cvelistv5
Published
2019-01-09 05:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:05:17.824Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/27044" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/pull/27047" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T17:07:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/27044" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/pull/27047" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2021-14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20676", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/twbs/bootstrap/issues/27044", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27044" }, { "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", "refsource": "MISC", "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "name": "https://github.com/twbs/bootstrap/pull/27047", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/27047" }, { "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" }, { "name": "RHSA-2019:1456", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "RHBA-2019:1076", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "name": "RHBA-2019:1570", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "RHSA-2019:3023", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2020:0132", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "name": "RHSA-2020:0133", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20676", "datePublished": "2019-01-09T05:00:00", "dateReserved": "2019-01-08T00:00:00", "dateUpdated": "2024-08-05T12:05:17.824Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3873
Vulnerability from cvelistv5
Published
2019-06-12 13:43
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/108739 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat | picketlink |
Version: as shipped with Jboss Enterprise Application Server 7.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873" }, { "name": "108739", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108739" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "picketlink", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "as shipped with Jboss Enterprise Application Server 7.2" } ] } ], "descriptions": [ { "lang": "en", "value": "It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-06T18:06:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873" }, { "name": "108739", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108739" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3873", "datePublished": "2019-06-12T13:43:46", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3888
Vulnerability from cvelistv5
Published
2019-06-12 13:45
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/108739 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2019:2439 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:2998 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2020:0727 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20220210-0019/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888" }, { "name": "108739", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108739" }, { "name": "RHSA-2019:2439", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "name": "RHSA-2019:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { "name": "RHSA-2020:0727", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0727" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220210-0019/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "undertow", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "2.0.21" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-10T09:06:30", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888" }, { "name": "108739", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108739" }, { "name": "RHSA-2019:2439", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "name": "RHSA-2019:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { "name": "RHSA-2020:0727", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0727" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220210-0019/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3888", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "undertow", "version": { "version_data": [ { "version_value": "2.0.21" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)" } ] }, "impact": { "cvss": [ [ { "vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-532" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888" }, { "name": "108739", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108739" }, { "name": "RHSA-2019:2439", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "name": "RHSA-2019:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { "name": "RHSA-2020:0727", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0727" }, { "name": "https://security.netapp.com/advisory/ntap-20220210-0019/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220210-0019/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3888", "datePublished": "2019-06-12T13:45:20", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-8331
Vulnerability from cvelistv5
Published
2019-02-20 16:00
Modified
2024-08-04 21:17
Severity ?
EPSS score ?
Summary
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:17:31.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "107375", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107375" }, { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E" }, { "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E" }, { "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E" }, { "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2019:3024", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/pull/28236" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K24383845" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T17:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "107375", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107375" }, { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E" }, { "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E" }, { "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E" }, { "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E" }, { "name": "RHSA-2019:3023", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2019:3024", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/pull/28236" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K24383845" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2021-14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8331", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "107375", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107375" }, { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "RHSA-2019:1456", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E" }, { "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E" }, { "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E" }, { "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E" }, { "name": "RHSA-2019:3023", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2019:3024", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://github.com/twbs/bootstrap/pull/28236", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/28236" }, { "name": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1" }, { "name": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/", "refsource": "CONFIRM", "url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/" }, { "name": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1" }, { "name": "https://support.f5.com/csp/article/K24383845", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K24383845" }, { "name": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-8331", "datePublished": "2019-02-20T16:00:00", "dateReserved": "2019-02-13T00:00:00", "dateUpdated": "2024-08-04T21:17:31.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14041
Vulnerability from cvelistv5
Published
2018-07-13 14:00
Modified
2024-08-05 09:21
Severity ?
EPSS score ?
Summary
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:21:40.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/pull/26630" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/26423" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/twbs/bootstrap/issues/26627" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-14T17:20:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "RHSA-2019:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/pull/26630" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/26423" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/twbs/bootstrap/issues/26627" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "RHSA-2019:1456", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://github.com/twbs/bootstrap/pull/26630", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26630" }, { "name": "https://github.com/twbs/bootstrap/issues/26423", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26423" }, { "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "refsource": "MISC", "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "name": "https://github.com/twbs/bootstrap/issues/26627", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26627" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14041", "datePublished": "2018-07-13T14:00:00", "dateReserved": "2018-07-13T00:00:00", "dateUpdated": "2024-08-05T09:21:40.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3872
Vulnerability from cvelistv5
Published
2019-06-12 13:45
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/108732 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat | picketlink |
Version: as shipped with Jboss Enterprise Application Platform 7.2.x and 7.1.x |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872" }, { "name": "108732", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108732" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "picketlink", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "as shipped with Jboss Enterprise Application Platform 7.2.x and 7.1.x" } ] } ], "descriptions": [ { "lang": "en", "value": "It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-12T14:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872" }, { "name": "108732", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108732" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3872", "datePublished": "2019-06-12T13:45:56", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3875
Vulnerability from cvelistv5
Published
2019-06-12 13:51
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols ('http' or 'ldap') and hence the caller should verify the signature and possibly the certification path. Keycloak currently doesn't validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/108748 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875" }, { "name": "108748", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108748" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "keycloak", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "6.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols (\u0027http\u0027 or \u0027ldap\u0027) and hence the caller should verify the signature and possibly the certification path. Keycloak currently doesn\u0027t validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-13T13:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875" }, { "name": "108748", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108748" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3875", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "keycloak", "version": { "version_data": [ { "version_value": "6.0.2" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols (\u0027http\u0027 or \u0027ldap\u0027) and hence the caller should verify the signature and possibly the certification path. Keycloak currently doesn\u0027t validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle." } ] }, "impact": { "cvss": [ [ { "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-345" } ] }, { "description": [ { "lang": "eng", "value": "CWE-295" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875" }, { "name": "108748", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108748" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3875", "datePublished": "2019-06-12T13:51:38", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.