RHSA-2019:3024: Moderate: ovirt-web-ui security and bug fix update
The ovirt-web-ui package provides the web interface for Red Hat Virtualization.

Security Fix(es):
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744)
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
Known moderate severity security vulnerability detected by GitHub on ovirt-web-ui components (BZ#1694032)
Frequently Asked Questions
What is the severity of RHSA-2019:3024?
The severity of RHSA-2019:3024 is classified as moderate.
How do I fix RHSA-2019:3024?
To fix RHSA-2019:3024, upgrade the ovirt-web-ui package to version 1.6.0-1.el7e or later.
What vulnerabilities are addressed in RHSA-2019:3024?
RHSA-2019:3024 addresses prototype pollution issues in nodejs-lodash (CVE-2019-10744) and js-jquery (CVE-2019-11358), and a cross-site scripting (XSS) vulnerability in Bootstrap (CVE-2019-8331).
Which system is affected by RHSA-2019:3024?
RHSA-2019:3024 affects the ovirt-web-ui package used in Red Hat Virtualization.
Is there a specific version of ovirt-web-ui that resolves the issues in RHSA-2019:3024?
Yes, the specific version that resolves the issues is 1.6.0-1.el7e.