ping?
在 2012年4月9日星期一,Funda Wang <[email protected]> 写道: > ping? > > 2012/4/8 Funda Wang <[email protected]>: >> Hello, >> >> Could somebody pushing redmine 1.3.2 into cauldron? >> >> Redmine before 1.3.2 does not properly restrict the use of a hash to >> provide values for a model's attributes, which allows remote attackers >> to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, >> (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) >> Version, (9) Wiki, (10) UserPreference, or (11) Board model via a >> modified URL, related to a "mass assignment" vulnerability, a >> different vulnerability than CVE-2012-0327. >> >> Thanks. >
