From 12c5e4bf5e367a3f5b816c6edea23d85da453f68 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 18 Mar 2022 21:24:20 +0100
Subject: [PATCH] new: [security] Assigned CVEs added

---
 content/security.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/content/security.md b/content/security.md
index 9104c99..8779fd9 100755
--- a/content/security.md
+++ b/content/security.md
@@ -74,7 +74,10 @@ We firmly believe that, even though unfortunately it is often not regarded as co
 - [CVE-2021-37743](https://cvepremium.circl.lu/cve/CVE-2021-37743) <= MISP 2.4.147 - app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
 - [CVE-2021-39302](https://cvepremium.circl.lu/cve/CVE-2021-39302) <= MISP 2.4.148 - MISP in certain configurations, when used with PostgreSQL (which is not a default configuration), allows SQL injection via the app/Model/Log.php $conditions['org'] value.
 - [CVE-2021-41326](https://cvepremium.circl.lu/cve/CVE-2021-41326) < MISP 2.4.148 -  app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
-
+- CVE-2022-27245 
+- CVE-2022-27243
+- CVE-2022-27246
+- CVE-2022-27244 
 
 ## PGP Key