[Pkg-nagios-devel] Bug#1106686: nagvis: CVE-2024-38866 CVE-2024-47090
Salvatore Bonaccorso
carnil at debian.org
Tue May 27 20:51:00 BST 2025
Source: nagvis
Version: 1:1.9.46-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: fixed -1 1:1.9.47-1~exp1
Hi,
The following vulnerabilities were published for nagvis.
Making the severity RC as the fixes should go into trixie before
trixie release.
CVE-2024-38866[0]:
| Improper neutralization of input in Nagvis before version 1.9.47
| which can lead to livestatus injection
CVE-2024-47090[1]:
| Improper neutralization of input in Nagvis before version 1.9.47
| which can lead to XSS
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-38866
    https://www.cve.org/CVERecord?id=CVE-2024-38866
    https://github.com/NagVis/nagvis/commit/6493722cf52436dbafb2b9f1c20c3ab8b663ad0f
[1] https://security-tracker.debian.org/tracker/CVE-2024-47090
    https://www.cve.org/CVERecord?id=CVE-2024-47090
    https://github.com/NagVis/nagvis/commit/5baf87d30175357aaa39e42ff0d99fb0abefbc06
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore