{"affected":[{"ecosystem_specific":{"binaries":[{"moinmoin-wiki":"1.9.11-bp152.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"moinmoin-wiki","purl":"pkg:rpm/suse/moinmoin-wiki&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.11-bp152.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for moinmoin-wiki fixes the following issues:\n\n- update to version 1.9.11:\n  CVE-2020-25074 (boo#1178744): fix remote code execution via cache action\n  CVE-2020-15275 (boo#1178745): fix malicious SVG attachment causing stored XSS vulnerability\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.","id":"openSUSE-SU-2020:1998-1","modified":"2020-11-23T07:20:43Z","published":"2020-11-23T07:20:43Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GMUGPIPMLTP6KSHV2XRIESFS7OGOBXW6/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178744"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15275"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25074"}],"related":["CVE-2020-15275","CVE-2020-25074"],"summary":"Security update for moinmoin-wiki","upstream":["CVE-2020-15275","CVE-2020-25074"]}