{"id":"UBUNTU-CVE-2018-19516","details":"messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv=\"REFRESH\" value.","modified":"2025-10-24T04:47:16Z","published":"2020-03-12T21:15:00Z","upstream":["CVE-2018-19516"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19516"},{"type":"REPORT","url":"https://www.kde.org/info/security/advisory-20181128-1.txt"},{"type":"REPORT","url":"https://cgit.kde.org/messagelib.git/commit/?id=34765909cdf8e55402a8567b48fb288839c61612"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-19516"}],"affected":[{"package":{"name":"kf5-messagelib","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/kf5-messagelib@4:17.12.3-0ubuntu3+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:17.04.3-0ubuntu1","4:17.04.3-0ubuntu2","4:17.08.3-0ubuntu1","4:17.08.3-0ubuntu2","4:17.12.2-0ubuntu3","4:17.12.3-0ubuntu2","4:17.12.3-0ubuntu3","4:17.12.3-0ubuntu3+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"kf5-messagelib-data"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messagecomposer-dev"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messagecomposer5abi2"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messagecore-dev"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messagecore5abi2"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messagelist-dev"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messagelist5abi1"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messageviewer-dev"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messageviewer-plugins"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5messageviewer5abi4"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5mimetreeparser-dev"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5mimetreeparser5abi2"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5templateparser-dev"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5templateparser5abi2"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5webengineviewer-dev"},{"binary_version":"4:17.12.3-0ubuntu3+esm1","binary_name":"libkf5webengineviewer5abi3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19516.json"}},{"package":{"name":"kf5-messagelib","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/kf5-messagelib@4:19.12.3-0ubuntu1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:19.04.3-0ubuntu1","4:19.04.3-0ubuntu2","4:19.12.3-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"kf5-messagelib-data"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messagecomposer-dev"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messagecomposer5abi2"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messagecore-dev"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messagecore5abi2"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messagelist-dev"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messagelist5abi1"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messageviewer-dev"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messageviewer-plugins"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5messageviewer5abi5"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5mimetreeparser-dev"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5mimetreeparser5abi3"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5templateparser-dev"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5templateparser5abi2"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5webengineviewer-dev"},{"binary_version":"4:19.12.3-0ubuntu1","binary_name":"libkf5webengineviewer5abi3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19516.json"}},{"package":{"name":"kf5-messagelib","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/kf5-messagelib@4:21.12.3-0ubuntu1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:21.08.1-0ubuntu1","4:21.08.3-0ubuntu2","4:21.11.80-0ubuntu1","4:21.11.90-0ubuntu1","4:21.12.0-0ubuntu1","4:21.12.1-0ubuntu1","4:21.12.2-0ubuntu1","4:21.12.3-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"kf5-messagelib-data"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messagecomposer-dev"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messagecomposer5abi2"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messagecore-dev"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messagecore5abi2"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messagelist-dev"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messagelist5abi1"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messageviewer-dev"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messageviewer-plugins"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5messageviewer5abi5"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5mimetreeparser-dev"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5mimetreeparser5abi3"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5templateparser-dev"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5templateparser5abi2"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5webengineviewer-dev"},{"binary_version":"4:21.12.3-0ubuntu1","binary_name":"libkf5webengineviewer5abi3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19516.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}