{"affected":[{"ecosystem_specific":{"binaries":[{"moinmoin-wiki":"1.9.11-lp152.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"moinmoin-wiki","purl":"pkg:rpm/opensuse/moinmoin-wiki&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.11-lp152.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for moinmoin-wiki fixes the following issues:\n\n- update to version 1.9.11:\n  CVE-2020-25074 (boo#1178744): fix remote code execution via cache action\n  CVE-2020-15275 (boo#1178745): fix malicious SVG attachment causing stored XSS vulnerability\n","id":"openSUSE-SU-2020:1966-1","modified":"2020-11-19T07:33:28Z","published":"2020-11-19T07:33:28Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZWQ3H4AUJA2F3ISKMWL6QTCZID5AYFKR/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178744"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15275"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25074"}],"related":["CVE-2020-15275","CVE-2020-25074"],"summary":"Security update for moinmoin-wiki","upstream":["CVE-2020-15275","CVE-2020-25074"]}