MGASA-2020-0374

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0374.html

Import Source

https://advisories.mageia.org/MGASA-2020-0374.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0374

Related

CVE-2017-18635

Published

2020-09-27T20:06:37Z

Modified

2020-09-27T19:35:18Z

Summary

Updated novnc package fixes a security vulnerability

Details

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / novnc

Package

Name: novnc
Purl: pkg:rpm/mageia/novnc?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.1-2.1.mga7

Ecosystem specific

{
    "section": "core"
}