UBUNTU-CVE-2020-11082
- Source
- https://ubuntu.com/security/CVE-2020-11082
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-11082.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-11082
- Upstream
- Published
- 2020-05-28T21:15:00Z
- Modified
- 2025-10-24T04:48:24Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
- References
-
- https://ubuntu.com/security/CVE-2020-11082
- https://github.com/github/advisory-review/pull/1020
- https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
- https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
- https://www.cve.org/CVERecord?id=CVE-2020-11082
Affected packages
Ubuntu:16.04:LTS / ruby-kaminari
Package
- Name
- ruby-kaminari
- Purl
- pkg:deb/ubuntu/ruby-kaminari@0.16.3-1?arch=source&distro=xenial
Ubuntu:18.04:LTS / ruby-kaminari
Package
- Name
- ruby-kaminari
- Purl
- pkg:deb/ubuntu/ruby-kaminari@0.17.0-3?arch=source&distro=bionic
Ubuntu:20.04:LTS / ruby-kaminari
Package
- Name
- ruby-kaminari
- Purl
- pkg:deb/ubuntu/ruby-kaminari@1.0.1-5?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "ruby-kaminari",
"binary_version": "1.0.1-5"
},
{
"binary_name": "ruby-kaminari-actionview",
"binary_version": "1.0.1-5"
},
{
"binary_name": "ruby-kaminari-activerecord",
"binary_version": "1.0.1-5"
},
{
"binary_name": "ruby-kaminari-core",
"binary_version": "1.0.1-5"
}
]
}