All errata/sisyphus/ALT-PU-2026-8918-2
ALT-PU-2026-8918-2

Package update plantuml in branch sisyphus

Version1.2026.5-alt1
Task#420788
Published2026-06-11
Max severityCRITICAL
Severity:

Closed issues (6)

CVE-2023-3431
MEDIUM5.3

Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.

Published: 2023-06-27Modified: 2024-11-21
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
CVE-2023-3432
CRITICAL10.0

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

Published: 2023-06-27Modified: 2024-11-21
CVSS 3.xCRITICAL 10.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
References
CVE-2026-0858
LOW2.0

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to arbitrary script execution in the context of applications that render the SVG.

Published: 2026-01-16Modified: 2026-04-28
CVSS 3.xMEDIUM 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS 4.0LOW 2.0
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
GHSA-ff3m-68vj-h86p
HIGH7.2

PlantUML Server-Side Request Forgery vulnerability

Published: 2023-06-27Modified: 2023-06-27
CVSS 3.xHIGH 7.2
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
References
GHSA-hrvf-g648-rf3m
LOW2.0

PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams

Published: 2026-01-16Modified: 2026-01-16
CVSS 3.x
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS 4.0LOW 2.0
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:P
References
GHSA-p2mf-q26j-3xmh
MEDIUM5.3

PlantUML Improper Access Control vulnerability

Published: 2023-06-27Modified: 2023-06-27
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References

Closed bugs (1)

Bug #50011

Обновить до новой версии