vulnerability

Oracle Linux: CVE-2019-16935: ELSA-2020-4433: python3 security and bug fix update (MODERATE) (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
2019-09-21
Added
2020-10-07
Modified
2025-01-07

Description

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
A reflected cross-site scripting (XSS) vulnerability was found in Python XML-RPC server. The `server_title` field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the affected user.

Solution(s)

oracle-linux-upgrade-platform-pythonoracle-linux-upgrade-platform-python-debugoracle-linux-upgrade-platform-python-develoracle-linux-upgrade-pythonoracle-linux-upgrade-python3oracle-linux-upgrade-python3-debugoracle-linux-upgrade-python3-develoracle-linux-upgrade-python3-idleoracle-linux-upgrade-python3-libsoracle-linux-upgrade-python3-testoracle-linux-upgrade-python3-tkinteroracle-linux-upgrade-python-debugoracle-linux-upgrade-python-develoracle-linux-upgrade-python-libsoracle-linux-upgrade-python-testoracle-linux-upgrade-python-toolsoracle-linux-upgrade-tkinter

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today