docs: update CVEs fixed on 3.0.2 and 2.1.3 (#26308)

2023-12-20 03:39:39 +00:00 · 2023-12-20 03:39:39 +00:00 · 8c32c6da16
parent 90a3d685a0
commit 8c32c6da16
1 changed files with 16 additions and 1 deletions
--- a/docs/docs/security/cves.mdx
+++ b/docs/docs/security/cves.mdx
@ -4,15 +4,30 @@ hide_title: true
 sidebar_position: 2
 ---

+#### Version 3.0.2, 2.1.3
+
+| CVE            | Title                                                       |                   Affected |
+|:---------------|:------------------------------------------------------------|---------------------------:|
+| CVE-2023-46104 | Allows for uncontrolled resource consumption via a ZIP bomb | < 2.1.3, >= 3.0.0, < 3.0.2 |
+| CVE-2023-49736 | SQL Injection on where_in JINJA macro                       | < 2.1.3, >= 3.0.0, < 3.0.2 |
+| CVE-2023-49734 | Privilege Escalation Vulnerability                          | < 2.1.3, >= 3.0.0, < 3.0.2 |
+
+
 #### Version 3.0.0

 | CVE            | Title                                                                   | Affected |
 |:---------------|:------------------------------------------------------------------------|---------:|
 | CVE-2023-42502 | Open Redirect Vulnerability                                             |  < 3.0.0 |
-| CVE-2023-42504 | Lack of rate limiting allows for possible denial of service             |  < 3.0.0 |
 | CVE-2023-42505 | Sensitive information disclosure on db connection details               |  < 3.0.0 |


+#### Version 2.1.3
+
+| CVE            | Title                                                                   | Affected |
+|:---------------|:------------------------------------------------------------------------|---------:|
+| CVE-2023-42504 | Lack of rate limiting allows for possible denial of service             |  < 2.1.3 |
+
+
 #### Version 2.1.2

 | CVE            | Title                                                                   | Affected |