Oval Definition:
oval:com.ubuntu.disco:def:2018201490000000
Revision Date
:
2018-12-14
Version
:
1
Title
:
CVE-2018-20149 on Ubuntu 19.04 (disco) - medium.
Description
:
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
Family
:
unix
Class
:
vulnerability
Status
:
Reference(s)
:
CVE-2018-20149
Platform(s)
:
Ubuntu 19.04
Product(s)
:
Definition Synopsis
Ubuntu 19.04 (disco) is installed.
AND
wordpress package in disco, is related to the CVE in some way and has been fixed (note: '5.0.1+dfsg1-1').
BACK