
RLSA-2021:1846

Published: May 18, 2021
Source: rocky
Severity: Moderate

Description

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| custodia | noarch | 3.module+el8.4.0+429+6bd33fea | custodia-0.6.0-3.module+el8.4.0+429+6bd33fea.noarch.rpm |
| opendnssec | x86_64 | 1.module+el8.4.0+429+6bd33fea | opendnssec-2.1.7-1.module+el8.4.0+429+6bd33fea.x86_64.rpm |
| python3-custodia | noarch | 3.module+el8.4.0+429+6bd33fea | python3-custodia-0.6.0-3.module+el8.4.0+429+6bd33fea.noarch.rpm |
| python3-kdcproxy | noarch | 5.module+el8.3.0+244+0b2ae752 | python3-kdcproxy-0.4-5.module+el8.3.0+244+0b2ae752.noarch.rpm |
| python3-qrcode | noarch | 12.module+el8.4.0+429+6bd33fea | python3-qrcode-5.1-12.module+el8.4.0+429+6bd33fea.noarch.rpm |
| python3-qrcode-core | noarch | 12.module+el8.4.0+429+6bd33fea | python3-qrcode-core-5.1-12.module+el8.4.0+429+6bd33fea.noarch.rpm |
| softhsm | x86_64 | 5.module+el8.4.0+429+6bd33fea | softhsm-2.6.0-5.module+el8.4.0+429+6bd33fea.x86_64.rpm |
| softhsm-devel | x86_64 | 5.module+el8.4.0+429+6bd33fea | softhsm-devel-2.6.0-5.module+el8.4.0+429+6bd33fea.x86_64.rpm |

Related CVEs

Related vulnerabilities

CVSS3: 6.9
ubuntu
about 5 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.1
redhat
about 5 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.9
nvd
about 5 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.9
debian
about 5 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...

rocky
4 months ago

Moderate: gcc-toolset-14-gcc security update