Mageia 8: MGASA-2021-0275 High: Arbitrary Code Injection in Puddletag

mageia

June 18, 2021

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injectio via the template function, particularly when a vari...

Summary

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injectio via the template function, particularly when a variable property is passed as an argument as it is not sanitized (CVE-2021-23358)

References

- https://bugs.mageia.org/show_bug.cgi?id=29112

- https://www.cve.org/CVERecord?id=CVE-2021-23358

Topics Covered

security advisory high severity update mageia arbitrary code injection puddletag template function

Resolution

SRPMS

- 8/core/puddletag-2.0.2-0.git20210523.1.mga8

Publication date: 18 Jun 2021

URL: https://advisories.mageia.org/MGASA-2021-0269.html

Type: security

CVE: CVE-2021-23358

Topics Covered

security advisory high severity update mageia arbitrary code injection puddletag template function

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 8: MGASA-2021-0275 High: Arbitrary Code Injection in Puddletag

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 8: MGASA-2021-0275 High: Arbitrary Code Injection in Puddletag

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!