Forum: >>> Magnum BBS <<<

Bug#1106686: nagvis: CVE-2024-38866 CVE-2024-47090

From Salvatore Bonaccorso@21:1/5 to All on Tue May 27 22:00:01 2025

Source: nagvis
Version: 1:1.9.46-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: fixed -1 1:1.9.47-1~exp1

Hi,

The following vulnerabilities were published for nagvis.

Making the severity RC as the fixes should go into trixie before
trixie release.

CVE-2024-38866[0]:
| Improper neutralization of input in Nagvis before version 1.9.47
| which can lead to livestatus injection

CVE-2024-47090[1]:
| Improper neutralization of input in Nagvis before version 1.9.47
| which can lead to XSS

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-38866
https://www.cve.org/CVERecord?id=CVE-2024-38866
https://github.com/NagVis/nagvis/commit/6493722cf52436dbafb2b9f1c20c3ab8b663ad0f
[1] https://security-tracker.debian.org/tracker/CVE-2024-47090
https://www.cve.org/CVERecord?id=CVE-2024-47090
https://github.com/NagVis/nagvis/commit/5baf87d30175357aaa39e42ff0d99fb0abefbc06

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (3 / 13)
Uptime:	35:37:53
Calls:	10,392
Calls today:	3
Files:	14,064
Messages:	6,417,151