CVE-2020-11082

Published: 28/05/2020 Updated: 30/11/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

In Kaminari prior to 1.2.1, there is a vulnerability that would allow an malicious user to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kaminari project kaminari
debian debian linux 9.0
debian debian linux 10.0

Debian Bug report logs - #961847 ruby-kaminari: CVE-2020-11082 Package: src:ruby-kaminari; Maintainer for src:ruby-kaminari is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 30 May 2020 09:39:02 UTC Severity: impor ...

A security vulnerability has been found in Kaminari, a pagination engine plugin for Rails 3+ and other modern frameworks, that would allow an attacker to inject arbitrary code into pages with pagination links For the oldstable distribution (buster), this problem has been fixed in version 101-4+deb10u1 We recommend that you upgrade your ruby-kam ...

CWE-79 https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433 https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8 https://github.com/github/advisory-review/pull/1020 https://lists.debian.org/debian-lts-announce/2021/09/msg00011.html https://www.debian.org/security/2021/dsa-5005 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961847 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-5005

CVE-2020-11082

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect