File fix-CVE-2021-32719.patch of Package rabbitmq-server.26990
From f191414dbc2ca738f313bb31e432d57870922892 Mon Sep 17 00:00:00 2001
From: Patrik Ragnarsson <patrik@starkast.net>
Date: Sat, 19 Jun 2021 09:23:12 +0200
Subject: [PATCH] Escape the consumer-tag value in federation mgmt
Patches persistent XSS.
---
.../priv/www/js/tmpl/federation-upstreams.ejs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deps/rabbitmq_federation_management/priv/www/js/tmpl/federation-upstreams.ejs b/deps/rabbitmq_federation_management/priv/www/js/tmpl/federation-upstreams.ejs
index 5b3e14d0638..838eac1eb3b 100644
--- a/deps/rabbitmq_federation_management/priv/www/js/tmpl/federation-upstreams.ejs
+++ b/deps/rabbitmq_federation_management/priv/www/js/tmpl/federation-upstreams.ejs
@@ -45,7 +45,7 @@
<td class="r"><%= fmt_time(upstream.value['message-ttl'], 'ms') %></td>
<td class="r"><%= fmt_string(upstream.value['ha-policy']) %></td>
<td class="r"><%= fmt_string(upstream.value['queue']) %></td>
- <td class="r"><%= upstream.value['consumer-tag'] %></td>
+ <td class="r"><%= fmt_string(upstream.value['consumer-tag']) %></td>
</tr>
<% } %>
</tbody>
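Review bot: The `message-ttl` cell at the top of this hunk is the one visible value that still does not go through `fmt_string`; it is rendered via `fmt_time(upstream.value['message-ttl'], 'ms')`, and `fmt_time` is not shown in this patch. Since the fix implies that `<%= %>` in this template emits its argument without HTML-escaping, confirm that `fmt_time` escapes its result, or that the server only accepts numeric `message-ttl` values. The earlier columns of this row sit above the hunk and deserve the same check. To stop the next added column from repeating the omission, a short comment above the row would help, for example `<!-- upstream.value fields are user-supplied: always render them through fmt_string() or another escaping formatter -->`. A regression test that stores an upstream whose `consumer-tag` contains markup characters and asserts they are rendered as text would pin the fix.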