Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-5005-1:C4855
HistoryNov 10, 2021 - 9:42 p.m.

[SECURITY] [DSA 5005-1] ruby-kaminari security update

2021-11-1021:42:11
lists.debian.org
11

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.5%

JSON

Debian Security Advisory DSA-5005-1 [email protected]
https://www.debian.org/security/ Markus Koschany
November 10, 2021 https://www.debian.org/security/faq

Package : ruby-kaminari
CVE ID : CVE-2020-11082
Debian Bug : 961847

A security vulnerability has been found in Kaminari, a pagination engine plugin
for Rails 3+ and other modern frameworks, that would allow an attacker to
inject arbitrary code into pages with pagination links.

For the oldstable distribution (buster), this problem has been fixed
in version 1.0.1-4+deb10u1.

We recommend that you upgrade your ruby-kaminari packages.

For the detailed security status of ruby-kaminari please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-kaminari

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Related

veracode 1
osv 4
nessus 4
openvas 2
debian 1
freebsd 2
prion 1
cve 1
debiancve 1
github 1
ubuntucve 1
veracode
veracode
Cross-site Scripting (XSS)
2020-05-29 01:18:40
osv
osv
CVE-2020-11082
2020-05-28 21:15:11
Cross-Site Scripting in Kaminari
2020-05-28 21:10:11
ruby-kaminari - security update
2021-09-22 00:00:00
nessus
nessus
Debian DLA-2763-1 : ruby-kaminari - LTS security update
2021-09-22 00:00:00
Debian DSA-5005-1 : ruby-kaminari - security update
2021-11-12 00:00:00
FreeBSD : kaminari -- potential XSS vulnerability (4e6875a2-a126-11ea-b385-08002728f74c)
2020-05-29 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2763-1)
2021-09-23 00:00:00
Debian: Security Advisory (DSA-5005-1)
2021-11-14 00:00:00
debian
debian
[SECURITY] [DLA 2763-1] ruby-kaminari security update
2021-09-22 15:39:57
freebsd
freebsd
kaminari -- potential XSS vulnerability
2020-04-22 00:00:00
Gitlab -- Multiple Vulnerabilities
2020-07-01 00:00:00
prion
prion
Code injection
2020-05-28 21:15:00
cve
cve
CVE-2020-11082
2020-05-28 21:15:00
debiancve
debiancve
CVE-2020-11082
2020-05-28 21:15:00
github
github
Cross-Site Scripting in Kaminari
2020-05-28 21:10:11
ubuntucve
ubuntucve
CVE-2020-11082
2020-05-28 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.5%

JSON
Related for DEBIAN:DSA-5005-1:C4855
veracode1osv4nessus4openvas2debian1freebsd2prion1cve1debiancve1github1ubuntucve1