CVE-2017-9802: Apache Sling XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Sling Servlets Post 2.3.20

Description: The JavaScript method Sling.evalString() uses the JavaScript `eval` function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.

Mitigation: Users should upgrade to version 2.3.22 or later of the Sling Servlets Post bundle.

Credit: This issue was discovered and reported by Dmitriev V. Daniil <sgoesw () gmail com>.

References:
- https://issues.apache.org/jira/browse/SLING-7041
- https://sling.apache.org/project-information/security.html
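The class of bug described above, as an added example that is not Apache Sling's code: a string parsed with `eval` executes any expression it contains, while a data-only parser rejects it. The function names and inputs are hypothetical, and using `JSON.parse` as the replacement is a general hardening assumption, not a statement of how the 2.3.22 fix is implemented.

```javascript
// Added illustration; NOT the Sling source. Function names are hypothetical.

// Pattern described in the advisory: eval() used as a parser.
// Any expression inside the string runs with the page's privileges.
function evalStringUnsafe(text) {
  return eval("(" + text + ")");
}

// Hardened pattern: JSON.parse accepts only JSON data and never runs code.
function parseStringSafe(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed inputs: one plain JSON document, and one string carrying an
// expression with a harmless, observable side effect (it sets a marker).
const benign = '{"title": "hello", "count": 2}';
const crafted = '{"title": (globalThis.sideEffect = "executed")}';

function demo() {
  // Run the crafted string through the eval-based parser.
  delete globalThis.sideEffect;
  const unsafeResult = evalStringUnsafe(crafted);
  const ranUnderEval = globalThis.sideEffect === "executed";

  // Run the same string through the data-only parser.
  delete globalThis.sideEffect;
  const safeCrafted = parseStringSafe(crafted);
  const ranUnderParse = globalThis.sideEffect === "executed";

  return {
    unsafeTitle: unsafeResult.title,
    ranUnderEval,
    safeCraftedOk: safeCrafted.ok,
    safeCraftedError: safeCrafted.error,
    ranUnderParse,
    safeBenign: parseStringSafe(benign),
  };
}

console.log(demo());
```

When auditing client code for the same pattern, look for `eval`, `new Function`, and string arguments to `setTimeout`/`setInterval` that receive server responses or request parameters.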