rpm package
opensuse/agama-web-ui&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/agama-web-ui&distro=openSUSE%20Leap%2016.0
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-9277 | High | 8.1 | | < 17+612.d8bf69336-160000.11.1 | 17+612.d8bf69336-160000.11.1 | May 22, 2026 | shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line te |
| CVE-2026-42264 | High | 7.4 | | < 17+612.d8bf69336-160000.11.1 | 17+612.d8bf69336-160000.11.1 | May 8, 2026 | Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct property access without hasOwnPropert |
| CVE-2026-42041 | Med | 4.8 | | < 17+612.d8bf69336-160000.11.1 | 17+612.d8bf69336-160000.11.1 | Apr 24, 2026 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses (401, 403, 500, etc.), c |
| CVE-2025-7339 | Low | 3.4 | | < 17+612.d8bf69336-160000.11.1 | 17+612.d8bf69336-160000.11.1 | Jul 17, 2025 | on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade to version 1.1.0 to receiv |