GHSA-vxh3-mvv7-265j

Published: 16 Jul 2019
Source: github
GitHub: Reviewed
CVSS4: 5.1
CVSS3: 5.4

Description

Cross-site scripting invenio-records

Cross-Site Scripting (XSS) vulnerability in administration interface

Impact

A Cross-Site Scripting (XSS) vulnerability was discovered when rendering the JSON of a record in the administration interface. It could be exploited by, for example, a user with permission to upload a new record that an admin user later views in the admin interface.
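The root cause described above, as an added illustration that is not Invenio-Records code: a pretty-printed JSON dump of a record is placed into an HTML page. JSON serialization only escapes characters that matter to JSON, so any markup inside a string field reaches the browser intact. The hardened variant HTML-escapes the serialized text before it is embedded. The sample record, the function names and the `<pre>` wrapper are constructed for this example and are assumptions about how such a page is built.

```python
import html
import json

# Constructed sample record: user-supplied metadata of the kind an admin page
# displays. The title carries markup, as untrusted input can.
SAMPLE_RECORD = {
    "title": "Report <script>alert(1)</script>",
    "authors": ["Doe, J."],
}


def render_json_unsafe(record):
    """Vulnerable pattern (assumed for illustration): JSON text dropped
    straight into HTML. json.dumps escapes quotes and backslashes for JSON
    purposes only; '<' and '>' pass through and the browser parses them as
    markup."""
    pretty = json.dumps(record, indent=2, ensure_ascii=False)
    return "<pre>" + pretty + "</pre>"


def render_json_safe(record):
    """Hardened variant: HTML-escape the serialized text before placing it in
    the page, so '<', '>', '&' and quotes become character references and the
    browser shows them literally."""
    pretty = json.dumps(record, indent=2, ensure_ascii=False)
    return "<pre>" + html.escape(pretty, quote=True) + "</pre>"


def contains_raw_script_tag(rendered):
    """Detection helper for the demonstration: does the rendered HTML still
    contain an unescaped <script tag that originated in the record data?"""
    return "<script" in rendered


if __name__ == "__main__":
    print(render_json_unsafe(SAMPLE_RECORD))
    print(render_json_safe(SAMPLE_RECORD))
```

The same rule applies whichever template engine renders the admin page: the JSON string must be treated as untrusted text and escaped for the HTML context it lands in, rather than marked safe because it "is just JSON".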

Patches

All supported versions of Invenio-Records have been patched. You should upgrade to either v1.0.1, v1.1.1 or v1.2.2.

For more information

If you have any questions or comments about this advisory:

Packages

Name             Ecosystem   Affected versions    Fixed version
invenio-records  pip         < 1.0.2              1.0.2
invenio-records  pip         = 1.1.0              1.1.1
invenio-records  pip         >= 1.2.0, < 1.2.2    1.2.2

EPSS

Percentile: 43%
Score: 0.00206
Low

CVSS4: 5.1 Medium

CVSS3: 5.4 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
nvd
more than 6 years ago

invenio-records before 1.2.2 allows XSS.
