[Git][security-tracker-team/security-tracker][master] Update information on CVE-2023-46750/shiro

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 15 05:24:36 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acea3129 by Salvatore Bonaccorso at 2023-12-15T06:23:27+01:00
Update information on CVE-2023-46750/shiro

The information is very light in the Apache Shiro advisory but said
anyway that any version before 1.13.0 has the issue. So mark it as
unfixed and drop the TODO item.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -179,9 +179,8 @@ CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an I
 CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the response to  ...)
 	NOT-FOR-US: Dokmee ECM
 CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ...)
-	- shiro <undetermined>
+	- shiro <unfixed>
 	NOTE: https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
-	TODO: check details
 CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 1.1.13, a ...)
 	NOT-FOR-US: PrestaShop module
 CVE-2023-46144 (A download of code without integrity check vulnerability in PLCnext pr ...)
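Review bot: the `- shiro <unfixed>` line for CVE-2023-46750 is justified only by the commit message, which says versions before 1.13.0 are affected. Nothing in data/CVE/list records that threshold. Since the `TODO: check details` line is dropped in the same hunk, consider adding a NOTE line after the existing lists.apache.org link stating that the Apache Shiro advisory names versions before 1.13.0 as affected. Whoever later sets a fixed version for the package then has the upstream boundary in the entry itself and does not need to re-read the thread.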



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acea3129825f1b96b9fae9c43dbc6f025b9a9f24
