← voltar
CVE-2026-44371

Open OnDemand: Specially crafted filenames can execute javascript in the file browser

CVSS 5.3 MEDIUMEPSS 0.3%CWE-79
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
OSC · ondemand

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/OSC/ondemand/security/advisories/GHSA-xcv4-m435-m33h