VDB
RHSA-2019%3A4071
RHSA-2019%3A4071
PUBLISHED
CVSS 6.099999904632568 MEDIUM
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Risk Scores
CVSS 3.0
6.099999904632568
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Process Automation 7 |
Timeline
- Dec 3, 2019 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2019:4071 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=rhpam&version=7.5.1 advisory
- https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.5/html/release_notes_for_red_hat_process_automation_manager_7.5/index advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1763589 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1763594 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4071.json advisory
- https://access.redhat.com/security/cve/CVE-2019-14862 advisory
- https://www.cve.org/CVERecord?id=CVE-2019-14862 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-14862 advisory
- https://snyk.io/vuln/npm:knockout:20180213 advisory
- https://access.redhat.com/security/cve/CVE-2019-14863 advisory
- https://www.cve.org/CVERecord?id=CVE-2019-14863 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-14863 advisory
- https://snyk.io/vuln/npm:angular:20150807 advisory