RHSA-2019:3024: Moderate: ovirt-web-ui security and bug fix update
First published: Thu Oct 10 2019(Updated: )
The ovirt-web-ui package provides the web interface for Red Hat Virtualization.<br>Security Fix(es):<br><li> nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744)</li> <li> bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)</li> <li> js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> Known moderate severity security vulnerability detected by GitHub on ovirt-web-ui components (BZ#1694032)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ovirt-web-ui | <1.6.0-1.el7e | 1.6.0-1.el7e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2019:3024
- agent/software-canonical-lookup
- package-manager/redhat