{"schema_version":"1.7.2","id":"OESA-2023-1446","modified":"2023-07-29T11:05:34Z","published":"2023-07-29T11:05:34Z","upstream":["CVE-2020-23064"],"summary":"doxygen security update","details":"Doxygen is the de facto standard tool for generating documentation from annotated C++ sources, but it also supports other popular programming languages such as C, Objective-C, C#, PHP, Java, Python, IDL (Corba, Microsoft, and UNO/OpenOffice flavors), Fortran, VHDL, Tcl, and to some extent D.\n\nSecurity Fix(es):\n\nCross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the \u003coptions\u003e element.(CVE-2020-23064)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"doxygen","purl":"pkg:rpm/openEuler/doxygen\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.17-8.oe1"}]}],"ecosystem_specific":{"aarch64":["doxygen-debugsource-1.8.17-8.oe1.aarch64.rpm","doxygen-doxywizard-1.8.17-8.oe1.aarch64.rpm","doxygen-debuginfo-1.8.17-8.oe1.aarch64.rpm","doxygen-1.8.17-8.oe1.aarch64.rpm"],"src":["doxygen-1.8.17-8.oe1.src.rpm"],"x86_64":["doxygen-doxywizard-1.8.17-8.oe1.x86_64.rpm","doxygen-debugsource-1.8.17-8.oe1.x86_64.rpm","doxygen-1.8.17-8.oe1.x86_64.rpm","doxygen-debuginfo-1.8.17-8.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1446"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-23064"}],"database_specific":{"severity":"Medium"}}