Bug 1106857 (CVE-2014-3995) - CVE-2014-3995 python-djblets: XSS Vulnerability in Djblets gravatar templates
Summary: CVE-2014-3995 python-djblets: XSS Vulnerability in Djblets gravatar templates
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3995
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1105560 1106859
Blocks:
Reported: 2014-06-09 17:50 UTC by Vincent Danen
Modified: 2019-09-29 13:18 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-18 21:03:22 UTC
Embargoed:



Description Vincent Danen 2014-06-09 17:50:51 UTC
It was reported [1],[2] that the generated gravatar HTML wasn't handling escaping of the display name of the user, allowing an attacker to choose a name that would close out the <img> tag and inject a <script> tag.

By switching to Django's format_html(), we can guarantee safe escaping of content.

Patches for 0.7.x [3] and 0.8.x [4] are available.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1105560
[3] http://seclists.org/oss-sec/2014/q2/494
[4] https://reviews.reviewboard.org/r/5947/diff/
[5] https://reviews.reviewboard.org/r/5946/diff/
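
The escaping problem described above, as an added illustration that is not Djblets' or Django's own code: the pre-fix pattern interpolates the display name into the <img> markup unescaped, while a format_html()-style helper escapes every interpolated argument. The format_html below is a simplified stand-in for Django's, and the URL and display names are constructed sample values.

```python
import html
import re


class SafeString(str):
    """Marker type for markup that is already escaped (cf. Django's SafeString)."""


def escape(value) -> SafeString:
    """HTML-escape anything not already marked safe (&, <, >, " and ')."""
    if isinstance(value, SafeString):
        return value
    return SafeString(html.escape(str(value), quote=True))


def format_html(fmt: str, *args, **kwargs) -> SafeString:
    """Simplified stand-in for Django's format_html(): the format string is
    trusted, every argument is escaped before interpolation."""
    return SafeString(fmt.format(*[escape(a) for a in args],
                                 **{k: escape(v) for k, v in kwargs.items()}))


def gravatar_html_vulnerable(url: str, display_name: str) -> str:
    # Pre-fix pattern: plain string interpolation, the name lands in the
    # alt attribute exactly as the user chose it.
    return '<img src="%s" alt="%s" class="gravatar" />' % (url, display_name)


def gravatar_html_fixed(url: str, display_name: str) -> SafeString:
    # Post-fix pattern: the same template, but arguments are escaped.
    return format_html('<img src="{0}" alt="{1}" class="gravatar" />',
                       url, display_name)


def tag_count(markup: str) -> int:
    """Detection check for the rendered output: more than one tag start in
    what should be a single <img> means the attribute was broken out of."""
    return len(re.findall(r"<[a-zA-Z]", markup))


# Constructed sample input (hypothetical hash, not a real account).
SAMPLE_URL = "https://www.gravatar.com/avatar/00000000000000000000000000000000"
HOSTILE_NAME = '"><script>'          # closes the alt attribute and the <img>
ORDINARY_NAME = "O'Brien & Co"       # legitimate name that still needs escaping

if __name__ == "__main__":
    print(gravatar_html_vulnerable(SAMPLE_URL, HOSTILE_NAME))
    print(gravatar_html_fixed(SAMPLE_URL, HOSTILE_NAME))
    print(gravatar_html_fixed(SAMPLE_URL, ORDINARY_NAME))
```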

Comment 1 Vincent Danen 2014-06-09 17:53:24 UTC
Created python-djblets tracking bugs for this issue:

Affects: epel-6 [bug 1106859]

Comment 2 Vincent Danen 2014-06-18 21:03:22 UTC
python-djblets-0.7.30-2.fc20 has been pushed to the Fedora 20 stable repository.

python-djblets-0.7.30-2.fc19 has been pushed to the Fedora 19 stable repository.

