Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [Security-news] Minify Source HTML - Moderately critical - Cross site scripting - SA-CONTRIB-2023-032

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [Security-news] Minify Source HTML - Moderately critical - Cross site scripting - SA-CONTRIB-2023-032


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] Minify Source HTML - Moderately critical - Cross site scripting - SA-CONTRIB-2023-032
  • Date: Wed, 26 Jul 2023 20:00:10 +0000 (UTC)
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=pass (mail.piratenpartei.de: domain of security-news-bounces AT drupal.org designates 2605:bc80:3010::137 as permitted sender) smtp.mailfrom=security-news-bounces AT drupal.org; dmarc=pass (policy=none) header.from=drupal.org
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 2B23A41E62
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 01ABB41FDB
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org DF6D7408C9
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org F3D304089C
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2023-032

Project: Minify Source HTML [1]
Date: 2023-July-26
Security risk: *Moderately critical* 11∕25
AC:Basic/A:None/CI:None/II:None/E:Proof/TD:All [2]
Vulnerability: Cross site scripting

Affected versions: <1.13.0 || >=2.0.0 <2.0.3
Description: 
Carefully crafted input by an attacker will not be sanitized by this module,
which can result in a script injection.

Solution: 
Install the latest version:

* If you use the Minify Source HTML module for Drupal 7.x, upgrade to Minify
Source HTML 7.x-1.11 [3]
* If you use the Minify Source HTML module for Drupal 8.x/9.x, upgrade to
Minify Source HTML 8.x-1.13 [4]
* If you use the Minify Source HTML module for Drupal 9.x/10.x, upgrade to
Minify Source HTML 2.0.3 [5]

Reported By: 
* Pierre Rudloff [6]

Fixed By: 
* Scott Joudry [7]
* Pierre Rudloff [8]


[1] https://www.drupal.org/project/minifyhtml
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/minifyhtml/releases/7.x-1.11
[4] https://www.drupal.org/project/minifyhtml/releases/8.x-1.13
[5] https://www.drupal.org/project/minifyhtml/releases/2.0.3
[6] https://www.drupal.org/user/3611858
[7] https://www.drupal.org/user/1846786
[8] https://www.drupal.org/user/3611858

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

  • [IT-SecNots] [Security-news] Minify Source HTML - Moderately critical - Cross site scripting - SA-CONTRIB-2023-032, security-news, 26.07.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang