Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
acea3129 by Salvatore Bonaccorso at 2023-12-15T06:23:27+01:00
Update information on CVE-2023-46750/shiro
The information is very light in the Apache Shiro advisory but said
anyway that any version before 1.13.0 has the issue. So mark it as
unfixed and drop the TODO item.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -179,9 +179,8 @@ CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier
are affected by an I
CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the
response to ...)
NOT-FOR-US: Dokmee ECM
CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability when ...)
- - shiro <undetermined>
+ - shiro <unfixed>
NOTE: https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
- TODO: check details
CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version
1.1.13, a ...)
NOT-FOR-US: PrestaShop module
CVE-2023-46144 (A download of code without integrity check vulnerability in
PLCnext pr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acea3129825f1b96b9fae9c43dbc6f025b9a9f24
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acea3129825f1b96b9fae9c43dbc6f025b9a9f24
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
