CVE-2024-41809
CVSS V2 None
CVSS V3 None
Description
OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html.
Overview
- CVE ID
- CVE-2024-41809
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-25T20:22:14.726Z
- Last Modified Date
- 2024-07-25T20:22:14.726Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrp | x_refsource_CONFIRM |
https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02 | x_refsource_MISC |
https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331d | x_refsource_MISC |
https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vue#L32 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-41809 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41809 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-07-26 13:04:26 | Added to TrackCVE |