CVE-2024-26140

Опубликовано: 20 фев. 2024

Источник: nvd

CVSS3: 4.6

CVSS3: 6.1

EPSS Низкий

Описание

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. No known workarounds exist.

Ссылки

https://clojars.org/com.yetanalytics/lrs/versions/1.2.17
Product
Release Notes
https://github.com/yetanalytics/lrs/commit/d7f4883bc2252337d25e8bba2c7f9d172f5b0621
Patch
https://github.com/yetanalytics/lrs/releases/tag/v1.2.17
Release Notes
https://github.com/yetanalytics/lrs/security/advisories/GHSA-7rw2-3hhp-rc46
Vendor Advisory
https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5
Release Notes
https://clojars.org/com.yetanalytics/lrs/versions/1.2.17
Product
Release Notes
https://github.com/yetanalytics/lrs/commit/d7f4883bc2252337d25e8bba2c7f9d172f5b0621
Patch
https://github.com/yetanalytics/lrs/releases/tag/v1.2.17
Release Notes
https://github.com/yetanalytics/lrs/security/advisories/GHSA-7rw2-3hhp-rc46
Vendor Advisory
https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:yetanalytics:lrs:*:*:*:*:*:*:*:*

Версия до 1.2.17 (исключая)

cpe:2.3:a:yetanalytics:sql_lrs:*:*:*:*:*:*:*:*

Версия до 0.7.5 (исключая)

EPSS

Процентиль: 38%

0.00166

Низкий

4.6 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-7rw2-3hhp-rc46

CVSS3: 4.6

github

почти 2 года назад

Cross-site Scripting Vulnerability in Statement Browser

EPSS

Процентиль: 38%

0.00166

Низкий

4.6 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79