openSUSE-SU-2020:0627-1

Published: 08 May 2020
Source: suse-cvrf

Description

Security update for rubygem-actionview-5_1

This update for rubygem-actionview-5_1 fixes the following issues:

  • CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240).

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.1
ruby2.5-rubygem-actionview-5_1-5.1.4-lp151.3.3.1
ruby2.5-rubygem-actionview-doc-5_1-5.1.4-lp151.3.3.1

Description

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.


Affected products
openSUSE Leap 15.1:ruby2.5-rubygem-actionview-5_1-5.1.4-lp151.3.3.1
openSUSE Leap 15.1:ruby2.5-rubygem-actionview-doc-5_1-5.1.4-lp151.3.3.1
