Moderate severityNVD Advisory· Published Jul 17, 2024· Updated Mar 13, 2025
CVE-2024-39126
CVE-2024-39126
Description
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
roundupPyPI | < 2.4.0 | 2.4.0 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-x37x-qf4v-f54fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39126ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yamlghsaWEB
- github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631ghsaWEB
- www.roundup-tracker.orgghsaWEB
- www.roundup-tracker.org/docs/security.htmlghsaWEB
News mentions
0No linked articles in our index yet.