← Volver a CVEs
CVE-2019-14862
MEDIUM6.1
Descripcion
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Detalles CVE
Puntuacion CVSS v3.16.1
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado1/2/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
knockoutjs:knockoutoracle:business_intelligenceoracle:goldengateredhat:decision_managerredhat:process_automation
Debilidades (CWE)
CWE-79CWE-79
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14862(secalert@redhat.com)
https://snyk.io/vuln/npm:knockout:20180213(secalert@redhat.com)
https://www.oracle.com/security-alerts/cpuapr2022.html(secalert@redhat.com)
https://www.oracle.com/security-alerts/cpujan2021.html(secalert@redhat.com)
https://www.oracle.com/security-alerts/cpujul2020.html(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14862(af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/npm:knockout:20180213(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2020.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.