RHSA-2020:4847-01 -- CentOS apache-commons-collections, apache-commons-lang, apache-commons-net, bea-stax, glassfish-fastinfoset, glassfish-jaxb, glassfish-jaxb-api, jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, jackson-module-jaxb-annotations, jakarta-commons-httpclient, javassist, jss, ldapjdk, pki-core, pki-servlet-engine, python-nss, relaxngDatatype, resteasy, slf4j, stax-ex, tomcatjss, velocity, xalan-j2, xerces-j2, xml-commons-apis, xml-commons-resolver, xmlstreambuffer, xsom-0
ID: oval:org.secpod.oval:def:68019 | Date: (C)2020-12-23 (M)2024-05-24 | Class: PATCH | Family: unix |
The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Security Fix:
* jquery: Cross-site scripting via cross-domain ajax requests
* bootstrap: XSS in the data-target attribute
* bootstrap: Cross-site Scripting in the collapse data-parent attribute
* bootstrap: Cross-site Scripting in the data-container property of tooltip
* bootstrap: XSS in the tooltip or popover data-template attribute
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
* jquery: Cross-site scripting due to improper handling in the jQuery.htmlPrefilter method
* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
* pki: Dogtag's python client does not validate certificates
* pki-core: Reflected XSS in "path length" constraint field in CA's Agent page
* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab
* pki-core: Reflected XSS in getcookies?url= endpoint in CA
* pki-core: KRA vulnerable to reflected XSS via the getPk12 page

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the CentOS 8.3 Release Notes linked from the References section.
Product: | apache-commons-collections | apache-commons-lang | apache-commons-net | bea-stax | glassfish-fastinfoset | glassfish-jaxb | glassfish-jaxb-api | jackson-annotations | jackson-core | jackson-databind | jackson-jaxrs-providers | jackson-module-jaxb-annotations | jakarta-commons-httpclient | javassist | jss | ldapjdk | pki-core | pki-servlet-engine | python-nss | relaxngDatatype | resteasy | slf4j | stax-ex | tomcatjss | velocity | xalan-j2 | xerces-j2 | xml-commons-apis | xml-commons-resolver | xmlstreambuffer | xsom-0 |