Bug 1095529 (CVE-2018-11627) - VUL-0: CVE-2018-11627: rubygem-sinatra: Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon aparams parser exception.
Summary: VUL-0: CVE-2018-11627: rubygem-sinatra: Sinatra before 2.0.2 has XSS via the ...
Status: RESOLVED FIXED
Alias: CVE-2018-11627
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.1
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: Leap 15.1
Assignee: Security Team bot
QA Contact: E-mail List
URL: https://smash.suse.de/issue/206848/
Whiteboard: CVSSv3:RedHat:CVE-2018-11627:6.1:(AV...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-01 09:45 UTC by Karol Babioch
Modified: 2024-06-07 07:52 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Karol Babioch 2018-06-01 09:51:25 UTC 
Seems like our SUSE codestreams are not affected:

- SUSE:SLE-12-SP2:Update:Products:Cloud7:Update
- SUSE:SLE-12-SP3:Update:Products:Cloud8:Update

openSUSE:Factory on the other hand is affected.
Comment 2 Karol Babioch 2018-06-01 14:30:39 UTC 
Fixed for devel project: https://build.opensuse.org/request/show/613450
Comment 3 Alexandros Toptsoglou 2020-04-23 16:30:56 UTC 
Leap 15.1 is affected reassigning back