Skip to main content

SRS Security

请将任何安全漏洞报告到这里。

CVE-2024-29882

HTTP API: DOM - XSS on JSONP callback

Severity: High
Advisory: GHSA-gv9r-qcjc-5hj7
CVE-2024-29882
Not vulnerable: 5.0.210+, 6.0.121+
Vulnerable: 5.0.0-5.0.210, 6.0.0-6.0.121
The patch: c75c9840d (v5.0.210), 244ce7bc0 (v6.0.121)
Fixed at: 2024.03.28

CVE-2023-34105

Command injection in demonstration api-server for HTTP callback.

Severity: High
Advisory: GHSA-vpr5-779c-cx62
CVE-2023-34105
Not vulnerable: v5.0.157+, v5.0-b1+, v6.0.48+
Vulnerable: v5.0.137-v5.0.156, v6.0.18-v6.0.47
The patch: 1e43bb6 (v5.0.157), 1d878c2 (v6.0.48)
Fixed at: 2023.07.05

CVE-2024-29882
CVE-2023-34105