RHSA-2020:2362MediumCVSS 9.1
Red Hat Security Advisory: Red Hat OpenShift Service Mesh security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2019-10744 — nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties CVE-2020-7598 — nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload CVE-2020-11022 — jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method CVE-2020-12459 — grafana: information disclosure through world-readable grafana configuration files
🔗 References (7)
- selfhttps://access.redhat.com/errata/RHSA-2020:2362
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1739497
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1813344
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1828406
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1829724
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2362.json