PYSEC-2019-150

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/bodhi/PYSEC-2019-150.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-150
Aliases
Published
2019-01-10T21:29:00Z
Modified
2026-06-10T17:00:37.280311941Z
Summary
[none]
Details

Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.

References

Affected packages

PyPI / bodhi

Package

Name
bodhi
View open source insights on deps.dev
Purl
pkg:pypi/bodhi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.0

Affected versions

2.*
2.3.0
2.3.1
2.3.3
2.4.0
2.5.0
2.7.0
2.9.0

Database specific

source 
"https://github.com/pypa/advisory-database/blob/main/vulns/bodhi/PYSEC-2019-150.yaml"