Candidate: CVE-2020-11082
PublicDate: 2020-05-28 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11082
 https://github.com/github/advisory-review/pull/1020
 https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
 https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
Description:
 In Kaminari before 1.2.1, there is a vulnerability that would allow an
 attacker to inject arbitrary code into pages with pagination links. This
 has been fixed in 1.2.1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_ruby-kaminari:
upstream_ruby-kaminari: needs-triage
precise/esm_ruby-kaminari: DNE
trusty_ruby-kaminari: ignored (out of standard support)
trusty/esm_ruby-kaminari: DNE
xenial_ruby-kaminari: ignored (end of standard support, was needs-triage)
bionic_ruby-kaminari: needs-triage
eoan_ruby-kaminari: ignored (reached end-of-life)
focal_ruby-kaminari: needs-triage
groovy_ruby-kaminari: not-affected (1.0.1-6)
hirsute_ruby-kaminari: not-affected (1.0.1-6)
impish_ruby-kaminari: not-affected (1.0.1-6)
jammy_ruby-kaminari: not-affected (1.0.1-6)
devel_ruby-kaminari: not-affected (1.0.1-6)