svn commit: r536876 - head/security/vuxml
Sunpoet Po-Chuan Hsieh
sunpoet at FreeBSD.org
Fri May 29 02:07:54 UTC 2020
Author: sunpoet
Date: Fri May 29 02:07:53 2020
New Revision: 536876
URL: https://svnweb.freebsd.org/changeset/ports/536876
Log:
Fix r536871
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri May 29 02:03:29 2020 (r536875)
+++ head/security/vuxml/vuln.xml Fri May 29 02:07:53 2020 (r536876)
@@ -72,13 +72,7 @@ Notes:
<blockquote cite="https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433">
<p>There was a vulnerability in versions of Kaminari that would allow an
attacker to inject arbitrary code into pages with pagination links.</p>
- <p>For example, an attacker could craft pagination links that link to
- other domain or host:
- https://example.com/posts?page=4 original_script_name=https://another-host.example.com</p>
- <p>In addition, an attacker could also craft pagination links that include
- JavaScript code that runs when a user clicks the link:
- https://example.com/posts?page=4 original_script_name=javascript:alert(42)%3b//</p>
- <p>The 1.2.1 gem including the patch has already been released.<p>
+ <p>The 1.2.1 gem including the patch has already been released.</p>
<p>All past released versions are affected by this vulnerability.</p>
</blockquote>
</body>
More information about the svn-ports-all
mailing list