Advisories ยป MGASA-2018-0040

Updated python-werkzeug packages fix security vulnerability

Publication date: 03 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-10516

Description

Cross-site scripting (XSS) vulnerability in the render_full function in
debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11
allows remote attackers to inject arbitrary web script or HTML via a
field that contains an exception message (CVE-2016-10516).
                

References

SRPMS

5/core

6/core