
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203435",
"Version": "oval:org.altlinux.errata:def:20203435",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3435: package `gem-rails` update to version 5.2.4.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3435",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3435",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-03552",
"RefURL": "https://bdu.fstec.ru/vul/2021-03552",
"Source": "BDU"
},
{
"RefID": "CVE-2020-15169",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-15169",
"Source": "CVE"
}
],
"Description": "This update upgrades gem-rails to version 5.2.4.4-alt1. \nSecurity Fix(es):\n\n * BDU:2021-03552: Уязвимость функции translate из translation_helper.rb программной платформы Ruby on Rails, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2020-15169: In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-12-02"
},
"Updated": {
"Date": "2020-12-02"
},
"BDUs": [
{
"ID": "BDU:2021-03552",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2021-03552",
"Impact": "Low",
"Public": "20200910"
}
],
"CVEs": [
{
"ID": "CVE-2020-15169",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-15169",
"Impact": "Low",
"Public": "20200911"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203435001",
"Comment": "gem-actioncable is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435002",
"Comment": "gem-actioncable-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435003",
"Comment": "gem-actionmailer is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435004",
"Comment": "gem-actionmailer-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435005",
"Comment": "gem-actionpack is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435006",
"Comment": "gem-actionpack-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435007",
"Comment": "gem-actionview is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435008",
"Comment": "gem-actionview-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435009",
"Comment": "gem-activejob is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435010",
"Comment": "gem-activejob-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435011",
"Comment": "gem-activemodel is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435012",
"Comment": "gem-activemodel-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435013",
"Comment": "gem-activerecord is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435014",
"Comment": "gem-activerecord-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435015",
"Comment": "gem-activestorage is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435016",
"Comment": "gem-activestorage-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435017",
"Comment": "gem-activesupport is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435018",
"Comment": "gem-activesupport-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435019",
"Comment": "gem-rails is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435020",
"Comment": "gem-railties is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435021",
"Comment": "gem-railties-doc is earlier than 0:5.2.4.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203435022",
"Comment": "rails is earlier than 0:5.2.4.4-alt1"
}
]
}
]
}
}
]
}