path: root/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch
author: Zhang Peng <peng.zhang1.cn@windriver.com> 2025-01-16 21:45:01 +0800
committer: Armin Kuster <akuster808@gmail.com> 2025-01-20 19:45:27 -0500
commit: f8840edf8c474ea410744f92624da66dcac9e816 (patch)
tree: 7ef3ab08dff92e605201903134e5c6f7796dfdcf /meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch
parent: c4d91d1673023ab0a6f445822c506672969e5f81 (diff)
opensc: fix CVE-2024-8443

CVE-2024-8443: The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-8433]

Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e]
[https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch')
0 files changed, 0 insertions, 0 deletions