Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 680518 (CVE-2019-9834)

Summary: <net-analyzer/netdata-1.13.0: HTML Injection Vulnerability
Product: Gentoo Security Reporter: yuLya <gen2xmach1ne>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: trivial CC: candrews
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [noglsa cve]
Package list:
Runtime testing required: ---

Description yuLya 2019-03-15 21:00:24 UTC
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. 

Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-03-27 03:49:41 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 2 Larry the Git Cow gentoo-dev 2019-03-27 13:27:49 UTC
The bug has been closed via the following commit(s):

commit e0981fa7fa69ca8b0fadb580df0b1a2f034ff239
Author:     Craig Andrews <>
AuthorDate: 2019-03-27 13:27:24 +0000
Commit:     Craig Andrews <>
CommitDate: 2019-03-27 13:27:41 +0000

    net-analyzer/netdata: Remove versions with HTML Injection Vulnerability
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Craig Andrews <>

 net-analyzer/netdata/Manifest                 |   6 --
 net-analyzer/netdata/netdata-1.10.0-r1.ebuild | 110 -------------------------
 net-analyzer/netdata/netdata-1.11.0.ebuild    | 111 -------------------------
 net-analyzer/netdata/netdata-1.11.1.ebuild    | 114 --------------------------
 net-analyzer/netdata/netdata-1.12.0.ebuild    | 114 --------------------------
 net-analyzer/netdata/netdata-1.12.1.ebuild    | 114 --------------------------
 net-analyzer/netdata/netdata-1.12.2.ebuild    | 114 --------------------------
 7 files changed, 683 deletions(-)