From 8c32c6da169afec312923e516850d90a69e78f46 Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar
Date: Wed, 20 Dec 2023 03:39:39 +0000
Subject: [PATCH] docs: update CVEs fixed on 3.0.2 and 2.1.3 (#26308)

---
 docs/docs/security/cves.mdx | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/docs/docs/security/cves.mdx b/docs/docs/security/cves.mdx
index ea6ac0b65b..6422dfd019 100644
--- a/docs/docs/security/cves.mdx
+++ b/docs/docs/security/cves.mdx
@@ -4,15 +4,30 @@ hide_title: true
 sidebar_position: 2
 ---
 
+#### Version 3.0.2, 2.1.3
+
+| CVE | Title | Affected |
+|:---------------|:------------------------------------------------------------|---------------------------:|
+| CVE-2023-46104 | Allows for uncontrolled resource consumption via a ZIP bomb | < 2.1.3, >= 3.0.0, < 3.0.2 |
+| CVE-2023-49736 | SQL Injection on where_in JINJA macro | < 2.1.3, >= 3.0.0, < 3.0.2 |
+| CVE-2023-49734 | Privilege Escalation Vulnerability | < 2.1.3, >= 3.0.0, < 3.0.2 |
+
+
 #### Version 3.0.0
 
 | CVE | Title | Affected |
 |:---------------|:------------------------------------------------------------------------|---------:|
 | CVE-2023-42502 | Open Redirect Vulnerability | < 3.0.0 |
-| CVE-2023-42504 | Lack of rate limiting allows for possible denial of service | < 3.0.0 |
 | CVE-2023-42505 | Sensitive information disclosure on db connection details | < 3.0.0 |
 
+#### Version 2.1.3
+
+| CVE | Title | Affected |
+|:---------------|:------------------------------------------------------------------------|---------:|
+| CVE-2023-42504 | Lack of rate limiting allows for possible denial of service | < 2.1.3 |
+
+
 #### Version 2.1.2
 
 | CVE | Title | Affected |