From 1b8bd27b3cd57ef0d1b4207169b4744b0570dfe0 Mon Sep 17 00:00:00 2001 From: Ozzie Isaacs Date: Sat, 20 Nov 2021 13:53:49 +0100 Subject: [PATCH] Added cve number for csrf bug --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index afaf9b0b..a7113785 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -23,7 +23,7 @@ To receive fixes for security vulnerabilities it is required to always upgrade t | V 0.6.13|JavaScript could get executed in the description series, categories or publishers title|| | V 0.6.13|JavaScript could get executed in the shelf title|| | V 0.6.13|Login with the old session cookie after logout. Thanks to @ibarrionuevo|| -| V 0.6.14|CSRF was possible. Thanks to @mik317 and Hagai Wechsler (WhiteSource) || +| V 0.6.14|CSRF was possible. Thanks to @mik317 and Hagai Wechsler (WhiteSource) |CVE-2021-25965| | V 0.6.14|Cross-Site Scripting vulnerability on typeahead inputs. Thanks to @notdodo||