Vulnerability Description
We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy, which is not the default.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | DeltaSpike | <= 1.9.2 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/r848d7d4c0bf637da55f01103eb8ba0fce344c295fd
- https://lists.apache.org/thread.html/r8f327712b2b07f867fde1e77cbafcf8cc6a3facaa6 (Exploit, Mailing List, Vendor Advisory)
FAQ
What is CVE-2019-12416?
CVE-2019-12416 is a vulnerability with a CVSS score of 6.1 (MEDIUM). We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy, which is not the default.
How severe is CVE-2019-12416?
CVE-2019-12416 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-12416?
Check the references section above for vendor advisories and patch information. Affected products include: Apache DeltaSpike.