Lucene search

K
mageiaGentoo FoundationMGASA-2024-0256
HistoryJul 05, 2024 - 7:28 p.m.

Updated python-js2py packages fix security vulnerability

2024-07-0519:28:37
Gentoo Foundation
advisories.mageia.org
14
python
js2py
security vulnerability
sandbox escape
untrusted javascript
unix

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

22.7%

CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code

OSVersionArchitecturePackageVersionFilename
Mageia9noarchpython-js2py< 0.70-3.1python-js2py-0.70-3.1.mga9

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

22.7%