CVE-2024-37383
Published: 7 June 2024
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
roundcube Launchpad, Ubuntu, Debian |
bionic |
Released
(1.3.6+dfsg.1-1ubuntu0.1~esm4)
Available with Ubuntu Pro |
| focal |
Released
(1.4.3+dfsg.1-1ubuntu0.1~esm4)
Available with Ubuntu Pro |
|
| jammy |
Released
(1.5.0+dfsg.1-2ubuntu0.1~esm3)
Available with Ubuntu Pro |
|
| mantic |
Released
(1.6.2+dfsg-1ubuntu0.2)
|
|
| noble |
Not vulnerable
(1.6.6+dfsg-2)
|
|
| upstream |
Released
(1.6.7+dfsg-1)
|
|
| xenial |
Not vulnerable
(code not present)
|
References
- https://www.cve.org/CVERecord?id=CVE-2024-37383
- https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
- https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
- https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
- https://ubuntu.com/security/notices/USN-6848-1
- NVD
- Launchpad
- Debian