MidnightBSD

Advisories for knockoutjs

CVE-2019-14862 MEDIUM

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
oracle business_intelligence 5.5.0.0.0
redhat decision_manager 7.0
knockoutjs knockout *
oracle goldengate 12.3.0.1.2
redhat process_automation 7.0
oracle business_intelligence 12.2.1.4.0
oracle business_intelligence 12.2.1.3.0