TEMP-0000000-540B06

NameTEMP-0000000-540B06
DescriptionGHSA-jgqj-x5j9-vgcm: Icinga 2 DSL Injection via Unescaped Import Template Name
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icinga2 (PTS)bullseye2.12.3-1vulnerable
bullseye (security)2.12.3-1+deb11u1vulnerable
bookworm2.13.6-2+deb12u2vulnerable
trixie2.14.6-1vulnerable
forky2.16.1-1vulnerable
sid2.16.2-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icinga2source(unstable)2.16.2-1

Notes

https://github.com/Icinga/icinga2/security/advisories/GHSA-jgqj-x5j9-vgcm
https://icinga.com/blog/icinga2-security-release-v2-16-2/
Fixed by: https://github.com/Icinga/icinga2/commit/af4b36e6464b9b214bed270a53d6474cf91eb441 (v2.16.2)
Fixed by: https://github.com/Icinga/icinga2/commit/eec0d90e8303376fe772b3e4a04e3b064a44cf30 (v2.14.9)

Search for package or bug name: Reporting problems