CVE-2019-14862
published 2020-01-02CVE-2019-14862: There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | node-knockout | < node-knockout 3.4.2-3 (bookworm) | node-knockout 3.4.2-3 (bookworm) |
| knockoutjs | knockout | <= 3.4.2 | — |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence | — | — |
| oracle | goldengate | — | — |
| red_hat | knockout | — | — |
| red_hat | knockout | >= 0 < 3.5.0 | 3.5.0 |
| redhat | decision_manager | — | — |
| redhat | process_automation | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM