DSA-2020-1 ikiwiki -- insufficient input sanitization
ID: oval:org.secpod.oval:def:600001 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Ivan Shmakov discovered that the htmlscrubber component of ikiwiki, a wiki compiler, performs insufficient input sanitization on data:image/svg+xml URIs. As these can contain script code, an attacker can use them to conduct cross-site scripting attacks. For the stable distribution, this problem has been fixed in version 2.53.5. For the testing distribution, this problem has been fixed in version 3.20100312. For the unstable distribution, this problem has been fixed in version 3.20100312.