Security Vulnerability #494
Comments
Hi @mschop, afaik there is no explicit address for this, so you should write a message to contact@engelsystem.de and @msquare will answer you. Afaik he is busy atm so it would be nice if you could include me in the conversation too ;)
Hi, please provide the details per e-mail to contact@engelsystem.de - or directly to me msquare@notrademark.de. Thank you!
-v?
??
* Ensure that the form is submitted with a post request
* Replaced several links with forms

Closes engelsystem#494 (Security Vulnerability)
@msquare is the fix already released?
Since the installation is still mostly done by cloning the repository, this may be seen as released, I guess.
@msquare Ok. Thanks. Then I publish the details right now for the CVE. Those are the details regarding the security vulnerability: There was no CSRF protection mechanism in engelsystem. This allowed attackers to slip a user a spoofed request.
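The commit referenced above moves state-changing actions from plain links to POST forms. The following is an added example, not code from this thread or from the engelsystem code base, showing that pattern together with a per-session token check; the token check is an assumption about a common CSRF defence, not a description of the project's fix, and all function names, the URL and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names. Session and request data are passed in as
// arrays so the script runs from the CLI without a web server.

/** Create (or reuse) the per-session CSRF token. */
function csrf_token(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Render a state-changing action as a POST form instead of a plain link. */
function action_form(string $url, string $label, string $token): string
{
    return sprintf(
        '<form method="post" action="%s">'
        . '<input type="hidden" name="csrf_token" value="%s">'
        . '<button type="submit">%s</button></form>',
        htmlspecialchars($url, ENT_QUOTES),
        htmlspecialchars($token, ENT_QUOTES),
        htmlspecialchars($label, ENT_QUOTES)
    );
}

/** Allow a state-changing request only if it is a POST carrying the session's token. */
function is_request_allowed(string $method, array $post, array $session): bool
{
    if (strtoupper($method) !== 'POST') {
        return false; // plain links and embedded resources issue GET requests
    }
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time; an empty or missing token never matches.
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Constructed sample data: one session and three incoming requests.
$session = [];
$token = csrf_token($session);
echo action_form('/example/delete?id=1', 'Delete', $token), PHP_EOL;
var_dump(is_request_allowed('GET', [], $session));                        // request from a plain link
var_dump(is_request_allowed('POST', [], $session));                       // POST form from another site, no token
var_dump(is_request_allowed('POST', ['csrf_token' => $token], $session)); // form rendered by this application
```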
Yes, ok. Thank you.
Hi,
I found a security vulnerability in engelsystem. How shall I provide more details?
Best Regards
mschop