Lucene search
+L

Debian: Security Advisory (DLA-1777-1)

🗓️ 07 May 2019 00:00:00Reported by Copyright (C) 2019 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 58 Views

The remote host is missing an update for the Debian 'jquery' package(s) announced via the DLA-1777-1 advisory

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool.
24 Jul 202008:16
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance
11 Jan 202416:41
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 20 (4.2.0.20)
11 Nov 202411:31
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.
21 Mar 202318:07
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities
4 May 202320:23
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
30 Mar 202620:04
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in jQuery affect watsonx.data
30 Jan 202511:08
ibm
IBM Security Bulletins
Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-11358)
6 Dec 201920:52
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform might affect IBM Storage Defender Copy Data Management.
16 May 202519:26
ibm
IBM Security Bulletins
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI
17 May 202319:40
ibm
Rows per page
# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.891777");
  script_cve_id("CVE-2019-11358");
  script_tag(name:"creation_date", value:"2019-05-07 02:00:06 +0000 (Tue, 07 May 2019)");
  script_version("2024-02-02T05:06:07+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-04-22 19:11:51 +0000 (Mon, 22 Apr 2019)");

  script_name("Debian: Security Advisory (DLA-1777-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB8");

  script_xref(name:"Advisory-ID", value:"DLA-1777-1");
  script_xref(name:"URL", value:"https://www.debian.org/lts/security/2019/DLA-1777-1");
  script_xref(name:"URL", value:"https://www.drupal.org/sa-core-2019-006");
  script_xref(name:"URL", value:"https://wiki.debian.org/LTS");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'jquery' package(s) announced via the DLA-1777-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"jQuery mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. For additional information, please refer to the upstream advisory at [link moved to references] .

For Debian 8 Jessie, this problem has been fixed in version 1.7.2+dfsg-3.2+deb8u6.

We recommend that you upgrade your jquery packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]");

  script_tag(name:"affected", value:"'jquery' package(s) on Debian 8.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB8") {

  if(!isnull(res = isdpkgvuln(pkg:"libjs-jquery", ver:"1.7.2+dfsg-3.2+deb8u6", rls:"DEB8"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Feb 2024 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 24.3
CVSS 3.16.1
EPSS0.87218
SSVC
58