[Python-modules-team] Bug#593302: python-cjson: CVE-2009-2924 xss vulnerability
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Aug 17 02:04:58 UTC 2010
Package: python-cjson
Version: 1.0.5-1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python-cjson.
CVE-2009-4924[0]:
| Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument
| to cjson.encode, which makes it easier for remote attackers to conduct
| certain cross-site scripting (XSS) attacks involving Firefox and the
| end tag of a SCRIPT element.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4924
http://security-tracker.debian.org/tracker/CVE-2009-4924
More information about the Python-modules-team
mailing list