updated docs
This commit is contained in:
Sebastian Hildebrandt
@@ -43,6 +43,23 @@
|
||||
<div class="col-12 sectionheader">
|
||||
<div class="title">Security Advisories</div>
|
||||
<div class="text">
|
||||
<h2>Command Injection Vulnerability</h2>
|
||||
<p><span class="bold">Affected versions:</span>
|
||||
< 5.3.1 and < 4.34.11<br>
|
||||
<span class="bold">Date:</span> 2021-02-14<br>
|
||||
<span class="bold">CVE indentifier</span> -
|
||||
</p>
|
||||
|
||||
<h4>Impact</h4>
|
||||
<p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated array as a parameter to the following functions. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>.</p>
|
||||
|
||||
<h4>Patch</h4>
|
||||
<p>Problem was fixed with additional parameter checking. Please upgrade to version >= 5.3.1 (or >= 4.34.11 if you are using version 4).</p>
|
||||
|
||||
<h4>Workarround</h4>
|
||||
<p>If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> (string only)</p>
|
||||
<hr>
|
||||
<br>
|
||||
<h2>DOS Injection Vulnerability</h2>
|
||||
<p><span class="bold">Affected versions:</span>
|
||||
< 5.2.6 and < 4.34.10<br>
|
||||
|
||||
Reference in New Issue
Block a user