[Git][security-tracker-team/security-tracker][master] Add two CVEs for flatpress, itp'ed

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
443574a9 by Salvatore Bonaccorso at 2025-03-20T21:37:50+01:00
Add two CVEs for flatpress, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -139,13 +139,13 @@ CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting (X
 CVE-2024-9880 (A command injection vulnerability exists in the `pandas.DataFrame.quer ...)
 	TODO: check
 CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site Request Forge ...)
-	TODO: check
+	- flatpress <itp> (bug #466297)
 CVE-2024-9840 (A Denial of Service (DoS) vulnerability exists in open-webui/open-webu ...)
 	NOT-FOR-US: open-webui/open-webui
 CVE-2024-9701 (A Remote Code Execution (RCE) vulnerability has been identified in the ...)
 	TODO: check
 CVE-2024-9699 (A vulnerability in the file upload functionality of the FlatPress CMS  ...)
-	TODO: check
+	- flatpress <itp> (bug #466297)
 CVE-2024-9617 (An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker ...)
 	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-9612 (In danswer-ai/danswer v0.3.94, administrators can set the visibility o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/443574a9110e59299fdc1394f90cc2891433276b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/443574a9110e59299fdc1394f90cc2891433276b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250320/1b59f4d0/attachment.htm>