SRS Security

Please report any security vulnerabilities to here.

CVE-2024-29882

HTTP API: DOM - XSS on JSONP callback

• Severity: High
• Advisory: GHSA-gv9r-qcjc-5hj7
• CVE-2024-29882
• Not vulnerable: 5.0.210+, 6.0.121+
• Vulnerable: 5.0.0-5.0.210, 6.0.0-6.0.121
• The patch: c75c9840d (v5.0.210), 244ce7bc0 (v6.0.121)
• Fixed at: 2024.03.28

CVE-2023-34105

Command injection in demonstration api-server for HTTP callback.

• Severity: High
• Advisory: GHSA-vpr5-779c-cx62
• CVE-2023-34105
• Not vulnerable: v5.0.157+, v5.0-b1+, v6.0.48+
• Vulnerable: v5.0.137-v5.0.156, v6.0.18-v6.0.47
• The patch: 1e43bb6 (v5.0.157), 1d878c2 (v6.0.48)
• Fixed at: 2023.07.05