The Djblets release notes report:
A recently-discovered vulnerability in the datagrid templates allows an
attacker to generate a URL to any datagrid page containing malicious code
in a column sorting value. If the user visits that URL and then clicks
that column, the code will execute.
The cause of the vulnerability was due to a template not escaping
user-provided values.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py27-djblets | < 0.9.2 | UNKNOWN |
FreeBSD | any | noarch | py32-djblets | < 0.9.2 | UNKNOWN |
FreeBSD | any | noarch | py33-djblets | < 0.9.2 | UNKNOWN |
FreeBSD | any | noarch | py34-djblets | < 0.9.2 | UNKNOWN |
FreeBSD | any | noarch | py35-djblets | < 0.9.2 | UNKNOWN |
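
An added example, not taken from the Djblets code base or its release notes: a simplified model of a column-header link that echoes the request's `sort` value, rendered unescaped and escaped, with an allowlist check as defense in depth. The link shape, column ids, sample URL and function names are assumptions made for illustration.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed sample request URL; the sort value carries benign markup as a probe.
SAMPLE_URL = ("https://example.test/grid/"
              "?sort=-summary%2C%22%3E%3Cb%3Eprobe%3C%2Fb%3E")
ALLOWED_COLUMNS = {"summary", "submitter", "last_updated"}  # hypothetical ids


def sort_from_url(url):
    """Return the raw, user-controlled 'sort' query value ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("sort", [""])[0]


def header_unescaped(column, sort_value):
    """Flawed pattern: the request value is pasted into the markup as-is."""
    return '<a href="?sort=%s">%s</a>' % (sort_value, column)


def header_escaped(column, sort_value):
    """Fix for the stated cause: HTML-escape the value before output."""
    return '<a href="?sort=%s">%s</a>' % (escape(sort_value, quote=True),
                                          escape(column))


def clean_sort(sort_value, allowed=ALLOWED_COLUMNS):
    """Defense in depth: keep only known column ids (one optional '-' prefix)."""
    kept = []
    for part in sort_value.split(","):
        name = part[1:] if part.startswith("-") else part
        if name in allowed:
            kept.append(part)
    return ",".join(kept)


if __name__ == "__main__":
    raw = sort_from_url(SAMPLE_URL)
    print(header_unescaped("summary", raw))   # probe markup breaks out of href
    print(header_escaped("summary", raw))     # probe stays inside the attribute
    print(header_escaped("summary", clean_sort(raw)))  # unknown part dropped
```

Escaping at output addresses the cause the release notes name; the allowlist is an extra control that rejects sort values that are not column ids at all.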