MGASA-2024-0279

Advisory lineage Upstream: 3 Downstream: 0
Published: 15 Aug 2024, 17:48
Last modified:16 Apr 2026, 04:20

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Aug 2024, 17:48
Published
Vulnerability first disclosed
16 Apr 2026, 04:20
Last Modified
Vulnerability information updated

Description

Updated roundcubemail packages fix security vulnerabilities Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

Affected Systems

  • mageiaroundcubemail

    < 1.6.8-1.mga9

References (3)