minTime and maxTime requests parameters were not properly validated and could be used execute arbitrary SQL.
Fixed by 4f4ddaa. Fix release in 1.36.33 or 1.37.33.
Apply patch manually.
Manfred Paul SamXML
Impact
minTime and maxTime requests parameters were not properly validated and could be used execute arbitrary SQL.
Patches
Fixed by 4f4ddaa. Fix release in 1.36.33 or 1.37.33.
Workarounds
Apply patch manually.
Credits
Manfred Paul
SamXML