rpm package
suse/spacewalk-java&distro=SUSE Manager Server Module 4.1
pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.1
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11022 | Med | 6.9 | < 4.1.18-3.5.3 | 4.1.18-3.5.3 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | |
| CVE-2019-5427 | — | < 4.1.44-3.66.2 | 4.1.44-3.66.2 | Apr 22, 2019 | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | ||
| CVE-2018-20433 | — | < 4.1.44-3.66.2 | 4.1.44-3.66.2 | Dec 24, 2018 | c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. |
- affected < 4.1.18-3.5.3fixed 4.1.18-3.5.3
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
- CVE-2019-5427Apr 22, 2019affected < 4.1.44-3.66.2fixed 4.1.44-3.66.2
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
- CVE-2018-20433Dec 24, 2018affected < 4.1.44-3.66.2fixed 4.1.44-3.66.2
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
Page 2 of 2