VulnerableCode Package Details - pkg:rpm/redhat/ovirt-web-ui@1.6.0-1?arch=el7ev

Search for packages

Vulnerability	Summary	Fixed by
VCID-3s9f-prpy-hbcx Aliases: CVE-2019-11358 GHSA-6c3j-c64m-qhgq	Cross-site Scripting The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`	There are no reported fixed by versions.
VCID-dzeb-zu9x-g3bq Aliases: CVE-2019-10744 GHSA-jf85-cpcp-j695	Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.	There are no reported fixed by versions.
VCID-p87t-vvdx-b7dv Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3s9f-prpy-hbcx
Aliases:
CVE-2019-11358
GHSA-6c3j-c64m-qhgq

Cross-site Scripting The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`

There are no reported fixed by versions.

VCID-dzeb-zu9x-g3bq
Aliases:
CVE-2019-10744
GHSA-jf85-cpcp-j695

Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

There are no reported fixed by versions.

VCID-p87t-vvdx-b7dv
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:20:56.620945+00:00	RedHat Importer	Affected by	VCID-p87t-vvdx-b7dv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8331.json	38.0.0
2026-04-01T14:20:40.574735+00:00	RedHat Importer	Affected by	VCID-3s9f-prpy-hbcx	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11358.json	38.0.0
2026-04-01T14:17:59.787060+00:00	RedHat Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10744.json	38.0.0