Bug 1849206 (CVE-2020-7676)
Field | Value
---|---
Summary | CVE-2020-7676 nodejs-angular: XSS due to regex-based HTML replacement
Product | [Other] Security Response
Reporter | Guilherme de Almeida Suckevicz <gsuckevi>
Component | vulnerability
Assignee | Red Hat Product Security <security-response-team>
Status | CLOSED ERRATA
QA Contact | 
Severity | medium
Docs Contact | 
Priority | medium
Version | unspecified
CC | aboyko, aileenc, alazarot, alegrand, anpicker, anstephe, aos-bugs, ataylor, bdettelb, bmontgom, boliveir, chazlett, dhanak, doconnor, drichtar, drieden, ecerquei, emingora, eparis, erooth, etirelli, ggaughan, gmalinko, hvyas, ibek, janstey, jburrell, jcantril, jkoops, jochrist, jokerman, jrokos, jross, jstastny, jwendell, jwon, kakkoyun, kconner, krathod, kverlaen, lcosic, mkaplan, mnovotny, nstielau, osoukup, pdelbell, pdrozd, peholase, pesilva, pjindal, pkrupa, porcelli, pskopek, puebele, rcernich, rguimara, rkieley, rmartinc, rowaters, rrajasek, rstepani, sponnaga, sthorger, surbania, teagle, tomckay, tzimanyi
Target Milestone | ---
Keywords | Security
Target Release | ---
Hardware | All
OS | Linux
Whiteboard | 
Fixed In Version | nodejs-angular 1.8.0
Doc Type | If docs needed, set a value
Doc Text | An XSS flaw was found in nodejs-angular. Its regex-based replacement of input HTML may turn already-sanitized markup back into unsanitized markup: wrapping `<option>` elements in `<select>` elements changes how the result is parsed, so code can end up unsanitized.
Story Points | ---
Clone Of | 
Environment | 
Last Closed | 2021-03-23 17:35:28 UTC
Type | ---
Regression | ---
Mount Type | ---
Documentation | ---
CRM | 
Verified Versions | 
Category | ---
oVirt Team | ---
RHEL 7.3 requirements from Atomic Host | 
Cloudforms Team | ---
Target Upstream Version | 
Embargoed | 
Bug Depends On | 1851303, 1851304, 1851305, 1851306, 1911821
Bug Blocks | 1849207
Description
Guilherme de Almeida Suckevicz
2020-06-19 20:23:17 UTC
@jshepherd added in quay as it looks like it has angular?

manifest-quay.txt:quay:3.2:quay/yarnpkg-angular-1.6.2.tgz

External References:

https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

OpenShift (OCP) 4.x includes a vulnerable version of nodejs-angular in the following containers:

- openshift4/ose-grafana (v1.6.9)
- openshift4/ose-logging-kibana5 (v1.6.9)

OpenShift ServiceMesh (OSSM) includes a vulnerable version (v1.6.6) in the openshift-service-mesh/grafana-rhel8 container.

*** Bug 1928693 has been marked as a duplicate of this bug. ***

This issue has been addressed in the following products:

Red Hat Single Sign-On 7.4 for RHEL 7

Via RHSA-2021:0968 https://access.redhat.com/errata/RHSA-2021:0968

This issue has been addressed in the following products:

Red Hat Single Sign-On 7.4 for RHEL 6

Via RHSA-2021:0967 https://access.redhat.com/errata/RHSA-2021:0967

This issue has been addressed in the following products:

Red Hat Single Sign-On 7.4 for RHEL 8

Via RHSA-2021:0969 https://access.redhat.com/errata/RHSA-2021:0969

This issue has been addressed in the following products:

Red Hat Single Sign-On 7.4.6

Via RHSA-2021:0974 https://access.redhat.com/errata/RHSA-2021:0974

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-7676