This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.
                
            Metrics
Affected Vendors & Products
References
        History
                    Thu, 12 Sep 2024 18:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Openedx openedx | |
| CPEs | cpe:2.3:a:openedx:openedx:redwood1:*:*:*:*:*:*:* cpe:2.3:a:openedx:openedx:redwood2:*:*:*:*:*:*:* | |
| Vendors & Products | Openedx openedx | 
Tue, 27 Aug 2024 20:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Openedx Openedx openedx-translations | |
| CPEs | cpe:2.3:a:openedx:openedx-translations:*:*:*:*:*:*:*:* | |
| Vendors & Products | Openedx Openedx openedx-translations | |
| Metrics | ssvc 
 | 
Fri, 23 Aug 2024 14:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings. | |
| Title | openedx-translations's Atlas translations for Open edX missing validation | |
| Weaknesses | CWE-74 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-23T14:35:08.787Z
Updated: 2024-08-27T19:46:53.938Z
Reserved: 2024-08-16T14:20:37.323Z
Link: CVE-2024-43782
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-08-23T18:14:45.806Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-08-23T15:15:16.600
Modified: 2024-09-12T18:29:50.943
Link: CVE-2024-43782
 Redhat
                        Redhat
                    No data.