Back to bug 2078757
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Vipul Nair | 2022-04-26 07:13:25 UTC | CC | aileenc, bdettelb, cfeist, chazlett, cluster-maint, drieden, dwhatley, dymurray, eric.wittmann, ggaughan, go-sig, gparvin, hbraun, ibolton, idevat, janstey, jmatthew, jmontleo, jnethert, jochrist, jramanat, jross, jschatte, jwendell, jwon, kmalyjur, mlisik, mpospisi, mwringe, njean, omular, ovanders, pahickey, pantinor, pjindal, ploffay, rareddy, rcernich, rgodfrey, scorneli, slucidi, sseago, stcannon, tojeline, zebob.m | |
| Vipul Nair | 2022-04-26 07:15:00 UTC | Depends On | 2078763, 2078761, 2078762, 2078760 | |
| Vipul Nair | 2022-04-26 07:16:20 UTC | Blocks | 2078764 | |
| Sandipan Roy | 2022-04-26 08:14:58 UTC | Depends On | 2078788 | |
| Borja Tarraso | 2022-04-26 17:45:38 UTC | Depends On | 2079022, 2079026, 2079027, 2079023, 2079024, 2079025, 2079028 | |
| Avinash Hanwate | 2022-04-27 05:27:16 UTC | Depends On | 2079145, 2079146, 2079148, 2079147, 2079149 | |
| Sage McTaggart | 2022-04-28 17:52:31 UTC | Doc Text | A Command Injection Attack was found in ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js, which allows an attacker to execute server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). This can result in loss of confidentiality, integrity and availability. | |
| RaTasha Tillery-Smith | 2022-04-28 20:34:56 UTC | Doc Text | A Command Injection Attack was found in ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js, which allows an attacker to execute server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). This can result in loss of confidentiality, integrity and availability. | A Command injection attack was found in ejs (Embedded JavaScript templates) for Node.js, which allows an attacker to execute server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command executed upon template compilation. |
| Red Hat Bugzilla | 2023-01-31 23:37:19 UTC | CC | madam | |
| Red Hat Bugzilla | 2023-02-03 23:11:31 UTC | CC | ovanders | |
| Red Hat Bugzilla | 2023-05-15 18:09:24 UTC | CC | drieden | |
| Red Hat Bugzilla | 2023-07-07 08:34:15 UTC | Assignee | security-response-team | nobody |
Back to bug 2078757