|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2021-4124: janus-gateway: XSS during web page generation | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Thomas Leroy <thomas.leroy> |
| Component: | Security | Assignee: | Michael Ströder <michael> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | ||
| Version: | Leap 15.3 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/317815/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
openSUSE:Factory should be affected Already fixed by upstream update (see #1193156). *** This bug has been marked as a duplicate of bug 1193156 *** |
CVE-2021-4124 janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4124 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4124 https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190