Описание
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| epiphany-browser | fixed | 41.2-1 | package | |
| epiphany-browser | not-affected | buster | package | |
| epiphany-browser | not-affected | stretch | package |
Примечания
https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
Связанные уязвимости
CVSS3: 6.1
ubuntu
около 4 лет назад
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
CVSS3: 6.1
nvd
около 4 лет назад
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
github
около 4 лет назад
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.