Pivotal + VMware: Transforming how more of the world builds software

All Vulnerability Reports

USN-3841-1: lxml vulnerability


Severity

Medium

Vendor

Canonical Ubuntu

Description

It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks.

CVEs contained in this USN include: CVE-2018-19787

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Operations Manager is vulnerable in the following releases:
    • 2.2.x versions prior to 2.2.13
Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.2.13
References
Contactez-nous