Advisories ยป MGASA-2023-0103

Updated liferea packages fix security vulnerability

Publication date: 18 Mar 2023
Modification date: 18 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-1350

Description

Remote code execution on feed enrichment. If "Extract full content from
HTML5 and Google AMP" has been enabled for one or more feed subscriptions
it is possible for a an attacker to inject a script command that runs
with user priveleges. (CVE-2023-1350)

References

SRPMS

8/core