mirror of https://github.com/MISP/misp-website
fix: CVEs added
parent
107de7df38
commit
dc42680b77
|
@ -20,8 +20,8 @@ The API was significantly improved including changes such as attribute UUID in a
|
||||||
|
|
||||||
Two security bugs were fixed:
|
Two security bugs were fixed:
|
||||||
|
|
||||||
- Sanitisation is now properly done from misp-modules especially to avoid XSS from potential malicious expansion modules.
|
- Sanitisation is now properly done from misp-modules especially to avoid XSS from potential malicious expansion modules. [CVE-2018-8948](https://cve.circl.lu/cve/CVE-2018-8948)
|
||||||
- An API integrity bug where an authenticated user could edit and overwrite an attribute without the UUID set.
|
- An API integrity bug where an authenticated user could edit and overwrite an attribute without the UUID set. [CVE-2018-8949](https://cve.circl.lu/cve/CVE-2018-8949)
|
||||||
|
|
||||||
Another important fix was applied to the object handler to remedy a situation where under specific conditions could be overwritten. A recovery tool has been added in the diagnostics page.
|
Another important fix was applied to the object handler to remedy a situation where under specific conditions could be overwritten. A recovery tool has been added in the diagnostics page.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue