Open mend-for-github-com[bot] opened 2 years ago
An operating system based on the best Windows NT design principles
Library home page: https://sourceforge.net/projects/reactos/
Found in HEAD commit: 2b8e77b2ff0d688bfd2ffb44061287e82fa71967
Found in base branch: master
/barista-scan/tools/scancode-toolkit/thirdparty/lxml-4.2.1-cp27-cp27m-win_amd64/lxml/includes/libxml/hash.h
A Remote Code Execution was discovered in libxml2 before version 2.9.8.
Publish Date: 2019-01-01
URL: CVE-2018-9466
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/GNOME/libxml2/compare/v2.9.7...v2.9.8-rc1
Release Date: 2019-06-16
Fix Resolution: android-9.0.0_r5,android-8.1.0_r45,v2.9.8-rc1
CVE-2018-9466 - High Severity Vulnerability
Vulnerable Library - reactosreactos0.3.0-REL-src
An operating system based on the best Windows NT design principles
Library home page: https://sourceforge.net/projects/reactos/
Found in HEAD commit: 2b8e77b2ff0d688bfd2ffb44061287e82fa71967
Found in base branch: master
Vulnerable Source Files (1)
/barista-scan/tools/scancode-toolkit/thirdparty/lxml-4.2.1-cp27-cp27m-win_amd64/lxml/includes/libxml/hash.h
Vulnerability Details
A Remote Code Execution was discovered in libxml2 before version 2.9.8.
Publish Date: 2019-01-01
URL: CVE-2018-9466
CVSS 3 Score Details (8.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/GNOME/libxml2/compare/v2.9.7...v2.9.8-rc1
Release Date: 2019-06-16
Fix Resolution: android-9.0.0_r5,android-8.1.0_r45,v2.9.8-rc1