CVE-2024-26140

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26140

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26140.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-26140

Aliases

GHSA-7rw2-3hhp-rc46

Published

2024-02-20T22:15:08Z

Modified

2024-10-08T04:05:22.395762Z

Summary

[none]

Details

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. No known workarounds exist.

References

Affected packages

Git / github.com/yetanalytics/lrs

Affected ranges

Type: GIT
Repo: https://github.com/yetanalytics/lrs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d7f4883bc2252337d25e8bba2c7f9d172f5b0621

Affected versions

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.13-SNAPSHOT

v1.2.14

v1.2.15

v1.2.16

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9