Back to bug 2215234
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-06-15 06:40:11 UTC | Depends On | 2215236, 2215235 | |
| Sandipan Roy | 2023-06-15 06:41:05 UTC | Blocks | 2215237 | |
| Patrick Del Bello | 2023-06-16 20:28:58 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| Avinash Hanwate | 2023-06-20 12:46:10 UTC | CC | aileenc, alampare, alazarot, anstephe, asoldano, ataylor, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, cdewolf, clement.escoffier, dandread, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, emingora, eric.wittmann, fjuma, fmongiar, gjospin, gmalinko, gsmet, hamadhan, hbraun, ibek, ivassile, iweiss, janstey, jmartisk, jnethert, jpavlik, jpechane, jpoth, jrokos, jross, jscholz, kverlaen, lbacciot, lgao, lthon, max.andersen, mnovotny, mosmerov, msochure, mstefank, msvehla, nwallace, pantinor, pdelbell, pdrozd, peholase, pgallagh, pmackay, probinso, pskopek, rguimara, rjohnson, rkieley, rowaters, rruss, rstancel, rsvoboda, sbiarozk, sdouglas, smaestri, sthorger, swoodman, tcunning, tom.jenkinson, tqvarnst, yfang | |
| Avinash Hanwate | 2023-06-20 14:27:34 UTC | CC | abenaiss, ellin, scorneli, shbose | |
| Red Hat Bugzilla | 2023-07-07 08:32:33 UTC | Assignee | security-response-team | nobody |
| Red Hat Bugzilla | 2023-07-21 22:26:29 UTC | CC | jpavlik | |
| Chess Hazlett | 2023-07-26 16:22:15 UTC | Fixed In Version | jtidy 1.0.4 | |
| Chess Hazlett | 2023-07-26 16:48:53 UTC | Flags | needinfo?(mbenatto) | |
| | | Priority | medium | high |
| | | Severity | medium | high |
| | | CC | mbenatto | |
| Chess Hazlett | 2023-07-26 16:49:24 UTC | CC | ahanwate | |
| | | Flags | needinfo?(ahanwate) | |
| Chess Hazlett | 2023-07-26 16:49:51 UTC | Flags | needinfo?(juneau) | |
| | | CC | juneau | |
| Chess Hazlett | 2023-07-26 16:57:12 UTC | Doc Text | Using jtidy to parse untrusted html could be vulnerable to denial of service (DOS) attacks. If the parser is running on unsanitized user input, an attacker could craft a request that causes the parser to crash by stack overflow. | |
| Marco Benatto | 2023-07-26 21:03:26 UTC | CC | thoger | |
| | | Flags | needinfo?(thoger) | |
| Marco Benatto | 2023-07-26 21:03:54 UTC | Flags | needinfo?(mbenatto) | |
| Tomas Hoger | 2023-07-27 09:23:07 UTC | Flags | needinfo?(thoger) | |
| Avinash Hanwate | 2023-07-28 03:57:24 UTC | Flags | needinfo?(ahanwate) | |
| TEJ RATHI | 2023-08-08 14:24:31 UTC | Flags | needinfo?(juneau) | |
| | | CC | dbhole | |
| TEJ RATHI | 2023-08-08 14:28:23 UTC | CC | dbhole | |
| TEJ RATHI | 2023-08-08 14:29:20 UTC | Depends On | 2230043, 2230044, 2230041 | |
| TEJ RATHI | 2023-08-08 14:33:23 UTC | Depends On | 2230046, 2230047 | |
| Chess Hazlett | 2023-08-08 20:23:33 UTC | Alias | TRIAGE-CVE-2023-34623 | CVE-2023-34623 |
| | | Summary | TRIAGE-CVE-2023-34623 jtidy: denial of service via crafted object that uses cyclic dependencies | CVE-2023-34623 jtidy: denial of service via crafted object that uses cyclic dependencies |
| Paige Jung | 2023-08-08 21:16:21 UTC | Doc Text | Using jtidy to parse untrusted html could be vulnerable to denial of service (DOS) attacks. If the parser is running on unsanitized user input, an attacker could craft a request that causes the parser to crash by stack overflow. | A flaw was found in jtidy when parsing untrusted html. If the parser is running on unsanitized user input, an attacker could craft a request that causes the parser to crash by stack overflow, resulting in a denial of service (DoS). |