Debian Security Advisory
DSA-4787-1 moin -- security update
- Date Reported:
- 09 Nov 2020
- Affected Packages:
- moin
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-15275, CVE-2020-25074.
- More information:
-
Two vulnerabilities were discovered in moin, a Python clone of WikiWiki.
- CVE-2020-15275
Catarina Leite discovered that moin is prone to a stored XSS vulnerability via SVG attachments.
- CVE-2020-25074
Michael Chapman discovered that moin is prone to a remote code execution vulnerability via the cache action.
For the stable distribution (buster), these problems have been fixed in version 1.9.9-1+deb10u1.
We recommend that you upgrade your moin packages.
For the detailed security status of moin please refer to its security tracker page at: https://security-tracker.debian.org/tracker/moin
- CVE-2020-15275