CVE-2019-10904
PUBLISHED
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
Risk Scores
EPSS Score: 0.60% (69.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | roundup | 1.4.20-1.1+deb8u1build0.16.04.1, 1.4.20-1.1, 0 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2019/04/07/1 (nist-nvd)
- https://bugs.python.org/issue36391 (nist-nvd)
- https://github.com/python/bugs.python.org/issues/34 (nist-nvd)
- https://www.openwall.com/lists/oss-security/2019/04/05/1 (circl)
- [debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update (circl)
Timeline
- Apr 6, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-10904 third-party-advisory
- https://github.com/python/bugs.python.org/issues/34 third-party-advisory
- https://issues.roundup-tracker.org/issue2551035 third-party-advisory
- https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f third-party-advisory
- https://bugs.python.org/issue36391 third-party-advisory
- https://www.openwall.com/lists/oss-security/2019/04/05/1 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-10904 third-party-advisory