Roundcube Webmail Security Update Advisory (CVE-2024-37383)

Oct 22 2024

Overview

An update has been released to address vulnerabilities in Roundcube Webmail. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-37383

RoundCube Webmail versions: ~ 1.5.7 (excluded)
RoundCube Webmail versions: 1.6.x (inclusive) ~ 1.6.7 (excluded)

Resolved Vulnerabilities

XSS vulnerability via SVG animate attribute in RoundCube Webmail (CVE-2024-37383)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-37383

RoundCube Webmail version: 1.5.7
RoundCube Webmail version: 1.6.7

Referenced Sites

[1] CVE-2024-37383 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-37383

[2] Roundcube Webmail 1.5.7

https://github.com/roundcube/roundcubemail/releases/tag/1.5.7

[3] Roundcube Webmail 1.6.7

https://github.com/roundcube/roundcubemail/releases/tag/1.6.7

Roundcube Webmail Security Update Advisory (CVE-2024-37383)

Dell Product Security Update Advisory (CVE-2024-45766)

Protobuf Library Security Update Advisory (CVE-2024-7254)

Tags:

Dell Product Security Update Advisory (CVE-2024-45766)

Protobuf Library Security Update Advisory (CVE-2024-7254)