FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
8d85d600-84a9-11ea-97b9-08002728f74c | Wagtail -- XSS vulnerability
Wagtail release notes:
CVE-2020-11001: Possible XSS attack via page revision comparison view
This release addresses a cross-site scripting (XSS) vulnerability on
the page revision comparison view within the Wagtail admin interface. A
user with a limited-permission editor account for the Wagtail admin
could potentially craft a page revision history that, when viewed by a
user with higher privileges, could perform actions with that user
credentials. The vulnerability is not exploitable by an ordinary site
visitor without access to the Wagtail admin.
Discovery 2020-04-03 Entry 2020-04-22 py35-wagtail
py36-wagtail
py37-wagtail
py38-wagtail
< 2.7.2
https://docs.wagtail.io/en/latest/releases/2.7.2.html
https://github.com/advisories/GHSA-v2wc-pfq2-5cm6
CVE-2020-11001
|
d5fead4f-8efa-11ea-a5c8-08002728f74c | Wagtail -- potential timing attack vulnerability
Wagtail release notes:
CVE-2020-11037: Potential timing attack on password-protected private pages
This release addresses a potential timing attack on pages or documents
that have been protected with a shared password through Wagtail's
"Privacy" controls. This password check is performed through a
character-by-character string comparison, and so an attacker who is
able to measure the time taken by this check to a high degree of
accuracy could potentially use timing differences to gain knowledge of
the password. (This is understood to be feasible on a local network, but
not on the public internet.)
Discovery 2020-05-04 Entry 2020-05-05 py35-wagtail
py36-wagtail
py37-wagtail
py38-wagtail
< 2.7.3
ge 2.8 lt 2.8.2
https://docs.wagtail.io/en/latest/releases/2.8.2.html
https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6
CVE-2020-11037
|