CVE-2019-1010199

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-1010199

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010199.json

Aliases

GHSA-vcfc-9wcp-j623

Published

2019-07-23T18:15:14Z

Modified

2023-11-29T06:51:51.548513Z

Details

ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0.

References

https://github.com/ServiceStack/ServiceStack/commit/a0e0d7de20f5d1712f1793f925496def4383c610

Affected packages

Git / github.com/ServiceStack/ServiceStack

Affected ranges

Type: GIT
Repo: https://github.com/ServiceStack/ServiceStack
Events: Introduced

0The exact introduced commit is unknown

Fixed

a0e0d7de20f5d1712f1793f925496def4383c610

Affected versions

Other

v3-snapshot

v4.*

v4.0.10-sync

v4.0.17

v4.0.18

v4.0.19

v4.0.20

v4.0.21

v4.0.22

v4.0.23

v4.0.24

v4.0.30

v4.0.31

v4.0.32

v4.0.33

v4.0.34

v4.0.35

v4.0.36

v4.0.38

v4.0.40

v4.0.42

v4.0.44

v4.0.46

v4.0.48

v4.0.50

v4.0.52

v4.0.54

v4.0.56

v4.0.58

v4.0.60

v4.0.62

v4.5.0

v4.5.10

v4.5.12

v4.5.14

v4.5.2

v4.5.4

v4.5.6

v4.5.8

v5.*

v5.0.2

v5.1.0