This is an automated email from the ASF dual-hosted git repository. linkinstar pushed a commit to branch docs/security in repository https://gitbox.apache.org/repos/asf/incubator-answer-website.git
commit edf7f4ff8f892b400aaf146f47e9c87c97969f60 Author: LinkinStars <[email protected]> AuthorDate: Sat Aug 10 10:47:55 2024 +0800 docs(security): update security docs --- community/security.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/community/security.md b/community/security.md index 2fd07c35e..1dabba004 100644 --- a/community/security.md +++ b/community/security.md @@ -8,6 +8,20 @@ The Apache Software Foundation takes a rigorous stance on eliminating security i # Security fixes +## v1.3.5 + +### CVE-2024-41888 + +The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked. + +https://www.cve.org/CVERecord?id=CVE-2024-41888 + +### CVE-2024-41890 + +User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked. + +https://www.cve.org/CVERecord?id=CVE-2024-41890 + ## v1.2.5 ### CVE-2024-29217 @@ -42,4 +56,4 @@ https://www.cve.org/CVERecord?id=CVE-2024-23349 Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. -https://www.cve.org/CVERecord?id=CVE-2023-49619 \ No newline at end of file +https://www.cve.org/CVERecord?id=CVE-2023-49619
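Review bot: In the first hunk, the CVE-2024-41890 entry under `## v1.3.5` opens with "User sends multiple password reset emails, each containing a valid link", which describes a user action rather than the flaw, and its second sentence repeats the CVE-2024-41888 wording almost word for word, so the two entries are hard to tell apart. Suggest stating the defect directly, along the lines of "When a user requests several password reset emails, every link stays valid until it expires", so it reads as distinct from the reuse-after-use issue in CVE-2024-41888. Both entries also stop at "misused or hijacked" without saying what a reader should do; since they sit under `# Security fixes` and `## v1.3.5`, one sentence stating that the issue is fixed in v1.3.5 and that earlier installations should upgrade would make the section actionable.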
