Date: Thu, 9 May 2019 21:42:58 +0200
From: Michael Vorburger <vorburger@...che.org>
To: oss-security@...ts.openwall.com
Subject: [CVE-2018-11800] and [CVE-2018-11801] Apache Fineract SQL Injection Vulnerabilities fixed in v1.3.0

Hello oss-security@...ts.openwall.com,

As suggested on https://apache.org/security/committers.html, forwarding you the below:

---------- Forwarded message ---------
From: Michael Vorburger <vorburger@...che.org>
Date: Thu, May 9, 2019 at 9:35 PM
Subject: [CVE-2018-11800] and [CVE-2018-11801] Apache Fineract SQL Injection Vulnerabilities fixed in v1.3.0
To: <dev@...eract.apache.org>
Cc: Apache Security Team <security@...che.org>

Hello,

The Apache Fineract project would like to hereby disclose that our 1.3.0 release includes fixes for the CVE-2018-11800 and CVE-2018-11801 SQL Injection vulnerabilities (the first one in a query on the GroupSummaryCounts table, the second on the m_center data table).

We would like to thank Niels Heinen from Google for reporting this issue and the Apache Security team for their assistance.

See also https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report .

Best,
M.