Описание
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| pacparser | fixed | 1.4.3-1 | package | |
| pacparser | no-dsa | bookworm | package | |
| pacparser | no-dsa | bullseye | package | |
| pacparser | no-dsa | buster | package |
Примечания
https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9
https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e (v1.4.2)
EPSS
Связанные уязвимости
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
EPSS