CVE-2024-43782

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-43782

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43782.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43782

Aliases

GHSA-fg8c-2pvj-wx3j

Published

2024-08-23T15:15:16Z

Modified

2024-10-08T04:27:21.773519Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.

References

Affected packages

Git / github.com/openedx/openedx-translations

Affected ranges

Type: GIT
Repo: https://github.com/openedx/openedx-translations
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3c4093705dec99590577c4d8270ce263f7fffc5a

Fixed

b2444340e8702c7955310331c1db5fd85b25b92b

Affected versions

open-release/redwood.*

open-release/redwood.1

open-release/redwood.2