opensc: fix CVE-2024-8443 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Zhang Peng <peng.zhang1.cn@windriver.com>	2025-01-15 15:24:22 +0800
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:26:06 -0500
commit	394846f98899f17aca8c84560070fb5aada6ebdf (patch)
tree	506fc1a433e3d54eb40478c74ee11bd5f419b34e /meta-python/recipes-devtools/python/python-numeric
parent	7e91b406fa1bc43bc8086733dc447199ecbe2919 (diff)
download	meta-openembedded-394846f98899f17aca8c84560070fb5aada6ebdf.tar.gz

opensc: fix CVE-2024-8443

CVE-2024-8443: The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-8433] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e] [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-numeric')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: