USN-4522-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-4522-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4522-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4522-1

Related

Published

2020-09-21T18:50:17.174870Z

Modified

2020-09-21T18:50:17.174870Z

Summary

novnc vulnerability

Details

It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2017-18635)

References

Affected packages

Ubuntu:16.04:LTS / novnc

Package

Name: novnc
Purl: pkg:deb/ubuntu/novnc?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1

Affected versions

1:0.*

1:0.4+dfsg+1+20131010+gitf68af8af3d-4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1",
            "binary_name": "novnc"
        },
        {
            "binary_version": "1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1",
            "binary_name": "python-novnc"
        }
    ]
}