14 lines
1.6 KiB
JSON
14 lines
1.6 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1627",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1627",
|
|
"title": "An update for epiphany is now available for openEuler-22.03-LTS",
|
|
"severity": "Important",
|
|
"description": "Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application.\r\n\r\nSecurity Fix(es):\r\n\r\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.(CVE-2021-45085)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server s suggested_filename is used as the pdf_name value in PDF.js.(CVE-2021-45086)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.(CVE-2021-45087)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.(CVE-2021-45088)\n\nIn GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.(CVE-2022-29536)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-29536",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29536",
|
|
"severity": "Moderate"
|
|
}
|
|
]
|
|
} |