exploitDog

SUSE-SU-2024:2272-1

Опубликовано: 02 июл. 2024

Источник: suse-cvrf

Описание

Security update for python-Js2Py

This update for python-Js2Py fixes the following issues:

CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code (bsc#1226660).

Список пакетов

openSUSE Leap 15.6

python311-Js2Py-0.74-150400.9.6.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242272-1/
Link for SUSE-SU-2024:2272-1
https://lists.suse.com/pipermail/sle-security-updates/2024-July/018838.html
E-Mail link for SUSE-SU-2024:2272-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1226660
SUSE Bug 1226660
https://www.suse.com/security/cve/CVE-2024-28397/
SUSE CVE CVE-2024-28397 page

Описание

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.

Затронутые продукты

openSUSE Leap 15.6:python311-Js2Py-0.74-150400.9.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-28397.html
CVE-2024-28397
https://bugzilla.suse.com/1226660
SUSE Bug 1226660