Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oODk2LTZoY3AtZ2o2Y84AARlj

Moderate CVSS: 5.1 EPSS: 0.00305% (0.53277 Percentile) EPSS:
Permalink JSON

Bodhi Cross-site Scripting Vulnerability

Affected Packages Affected Versions Fixed Versions
pypi:bodhi
PURL: pkg:pypi/bodhi
<= 2.9.0 2.9.1
1 Dependent packages
4 Dependent repositories
145 Downloads last month

Affected Version Ranges

All affected versions

2.3.0, 2.3.1, 2.3.3, 2.4.0, 2.5.0, 2.7.0, 2.9.0

All unaffected versions

3.3.0, 3.10.0, 3.11.0, 3.13.0, 3.14.0, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 5.0.0, 5.1.0, 5.2.0, 5.4.0, 5.4.1, 5.7.5

Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.

References:

Identifiers

GHSA-h896-6hcp-gj6c

CVE-2017-1002152

Risk

Severity

Moderate

CVSS

CVSS Score: 5.1

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS

EPSS Percentage: 0.00305

EPSS Percentile: 0.53277

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/fedora-infra/bodhi

Date and time

Published

over 3 years ago

Updated

21 days ago

API

JSON