VDB

GCVE-110-MAGEIA-2022-104

GCVE-110-MAGEIA-2022-104
Advisory Published
Vulnetix · Advisory published March 21, 2022
The {% debug %} template tag didn't properly encode the current context posing an XSS attack vector (CVE-2022-22818). Passing certain inputs to multipart forms could result in an infinite loop when parsing files resulting in a denial of service (CVE-2022-23833). The python-django update necessitated a version update to python-asgiref as well.

Affected Products

VendorProductVersionsPlatforms
Mageiapython-asgiref0 (affected), 3.5.0-1.mga8 (unaffected), 0 (affected), 3.5.0-1.mga8 (unaffected)
Mageiaopencpn-statusbar-plugin0 (affected), 0.8.22-1.mga8 (unaffected)
Mageiaopencpn0 (affected), 5.6.2-4.mga8 (unaffected)
Mageiaopencpn-logbookkonni-plugin0 (affected), 1.4.28-1.mga8 (unaffected)
Mageiaopencpn-ais-radar-plugin0 (affected), 1.2.23.0-1.mga8 (unaffected)
Mageiaopencpn-celestial-navigation-plugin0 (affected), 2.3.15.0-1.mga8 (unaffected)
Mageiaopencpn-weather-routing-plugin0 (affected), 1.13.48.0-1.mga8 (unaffected)
Mageiaopencpn-weatherfax-plugin0 (affected), 1.9.40.0-2.mga8 (unaffected)
Mageiaopencpn-polar-plugin0 (affected), 1.1.29-1.mga8 (unaffected)
Mageiaopencpn-squiddio-plugin0 (affected), 1.3.21-1.mga8 (unaffected)
Mageiaopencpn-watchdog-plugin2.4.44-1.mga8 (unaffected), 0 (affected)
Mageiapython-django3.2.12-1.mga8 (unaffected), 0 (affected), 3.2.12-1.mga8 (unaffected), 0 (affected)
Mageiaopencpn-climatology-plugin1.4.46.0-1.mga8 (unaffected), 0 (affected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›