Ubuntu CVE Tracker
Home
Main
Universe
Partner
CVE-2019-10904
Priority
Medium
Description
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and
roundup/cgi/wsgi_handler.py mishandle 404 errors.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10904
https://github.com/python/bugs.python.org/issues/34
https://issues.roundup-tracker.org/issue2551035
https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
https://bugs.python.org/issue36391
https://www.openwall.com/lists/oss-security/2019/04/05/1
Bugs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926587
Notes
Package
Source:
roundup
(
LP
Ubuntu
Debian
)
Upstream:
needs-triage
Ubuntu 18.04 LTS:
DNE
Ubuntu 14.04 ESM:
DNE
(trusty was needed)
Patches:
More Information
Mitre
NVD
Launchpad
Debian
Updated
: 2022-04-13 13:36:44 UTC (commit
f411bd370d482ef4385c4e751d121a4055fbc009
)