RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/
Bug 1732595 - Current novnc version has XSS vulnerability
Summary: Current novnc version has XSS vulnerability
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: RDO
Classification: Community
Component: novnc
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: trunk
Assignee: Eoghan Glynn
QA Contact: Shai Revivo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-23 20:23 UTC by Jim Rollenhagen
Modified: 2025-02-10 03:59 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2025-02-10 03:59:50 UTC
Embargoed:

Attachments (Terms of Use)

Description Jim Rollenhagen 2019-07-23 20:23:20 UTC 
Description of problem:
Currently, the Rocky and Stein (and presumably earlier) versions of the RDO repositories package novnc 0.5.1. Per [0], novnc 0.6.2 fixes an XSS vulnerability. Could we please package a newer version without this vulnerability? Thanks!

[0] https://github.com/novnc/noVNC/issues/748
[1] https://bugs.launchpad.net/horizon/+bug/1656435
Comment 1 Red Hat Bugzilla 2025-02-10 03:59:50 UTC 
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.
Note You need to log in before you can comment on or make changes to this bug.