SRS Security
Please report any security vulnerabilities here.
CVE-2024-29882
HTTP API: DOM-XSS on JSONP callback
- Severity: High
- Advisory: GHSA-gv9r-qcjc-5hj7
- CVE-2024-29882
- Not vulnerable: 5.0.210+, 6.0.121+
- Vulnerable: 5.0.0-5.0.210, 6.0.0-6.0.121
- The patch: c75c9840d (v5.0.210), 244ce7bc0 (v6.0.121)
- Fixed at: 2024.03.28
CVE-2023-34105
Command injection in demonstration api-server for HTTP callback.
- Severity: High
- Advisory: GHSA-vpr5-779c-cx62
- CVE-2023-34105
- Not vulnerable: v5.0.157+, v5.0-b1+, v6.0.48+
- Vulnerable: v5.0.137-v5.0.156, v6.0.18-v6.0.47
- The patch: 1e43bb6 (v5.0.157), 1d878c2 (v6.0.48)
- Fixed at: 2023.07.05