Moderate severityGHSA Advisory· Published Apr 6, 2019· Updated Aug 4, 2024
CVE-2019-10904
CVE-2019-10904
Description
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
roundupPyPI | < 2.0.0alpha0 | 2.0.0alpha0 |
Affected products
2- Range: <= 1.6
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-926q-wxr6-3crqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10904ghsaADVISORY
- www.openwall.com/lists/oss-security/2019/04/07/1ghsamailing-listx_refsource_MLISTWEB
- bugs.python.org/issue36391ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yamlghsaWEB
- github.com/python/bugs.python.org/issues/34ghsax_refsource_MISCWEB
- lists.debian.org/debian-lts-announce/2019/04/msg00009.htmlghsamailing-listx_refsource_MLISTWEB
- pypi.org/project/roundup/2.0.0alpha0ghsaWEB
- www.openwall.com/lists/oss-security/2019/04/05/1ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.