vulnerability

Alpine Linux: CVE-2019-13122: Cross-site Scripting

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 10, 2019	Aug 22, 2024	Oct 1, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 10, 2019

Added

Aug 22, 2024

Modified

Oct 1, 2024

Description

A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix.

Solution

alpine-linux-upgrade-patchwork

References

CVE-2019-13122
https://attackerkb.com/topics/CVE-2019-13122
URL-https://security.alpinelinux.org/vuln/CVE-2019-13122

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today