Date:      Fri, 29 May 2020 02:07:53 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r536876 - head/security/vuxml
Message-ID:  <202005290207.04T27rT3047688@repo.freebsd.org>

Author: sunpoet
Date: Fri May 29 02:07:53 2020
New Revision: 536876
URL: https://svnweb.freebsd.org/changeset/ports/536876

Log:
  Fix r536871

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri May 29 02:03:29 2020	(r536875)
+++ head/security/vuxml/vuln.xml	Fri May 29 02:07:53 2020	(r536876)
@@ -72,13 +72,7 @@ Notes:
 	<blockquote cite="https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433">;
 	  <p>There was a vulnerability in versions of Kaminari that would allow an
 	    attacker to inject arbitrary code into pages with pagination links.</p>
-	  <p>For example, an attacker could craft pagination links that link to
-	    other domain or host:
-	    https://example.com/posts?page=4&nbsp;original_script_name=https://another-host.example.com</p>;
-	  <p>In addition, an attacker could also craft pagination links that include
-	    JavaScript code that runs when a user clicks the link:
-	    https://example.com/posts?page=4&nbsp;original_script_name=javascript:alert(42)%3b//</p>;
-	  <p>The 1.2.1 gem including the patch has already been released.<p>
+	  <p>The 1.2.1 gem including the patch has already been released.</p>
 	  <p>All past released versions are affected by this vulnerability.</p>
 	</blockquote>
       </body>
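
Review bot: The log message "Fix r536871" does not say what was broken, yet this hunk makes two distinct changes: it closes the paragraph on the release line (the trailing `<p>` becomes `</p>`) and it drops the two example paragraphs containing the crafted pagination URLs. Naming both in the log would make clear that removing the quoted advisory text was intentional and not a side effect of the markup fix. Separately, the `;` shown after the opening blockquote tag on the first context line is worth checking against the file itself, because it would be stray character data inside the blockquote if it is not an artifact of how the mail was rendered.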


