Update security advisories.

ossrs · Mar 28, 2024 · 32e35c0 · 32e35c0
1 parent 1f7831f
commit 32e35c0
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/i18n/zh-cn/docusaurus-plugin-content-pages/security-advisories.md b/i18n/zh-cn/docusaurus-plugin-content-pages/security-advisories.md
@@ -2,6 +2,17 @@
 
 请将任何安全漏洞报告到[这里](https://github.com/ossrs/srs/security/advisories)。
 
+## CVE-2024-29882
+
+HTTP API: DOM - XSS on JSONP callback
+
+* Severity: **High**
+* Advisory: [GHSA-gv9r-qcjc-5hj7](https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7)
+* [CVE-2024-29882](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29882)
+* Not vulnerable: 5.0.210+, 6.0.121+
+* Vulnerable: <5.0.210, <6.0.121
+* The patch: [c75c9840d](https://github.com/ossrs/srs/commit/c75c9840d533a1a2c7aaf18f7bd7990ef0cbecfa) (v5.0.210), [244ce7bc0](https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d) (v6.0.48)
+
 ## CVE-2023-34105
 
 Command injection in demonstration api-server for HTTP callback.

diff --git a/src/pages/security-advisories.md b/src/pages/security-advisories.md
@@ -2,6 +2,17 @@
 
 Please report any security vulnerabilities to [here](https://github.com/ossrs/srs/security/advisories).
 
+## CVE-2024-29882
+
+HTTP API: DOM - XSS on JSONP callback
+
+* Severity: **High**
+* Advisory: [GHSA-gv9r-qcjc-5hj7](https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7)
+* [CVE-2024-29882](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29882)
+* Not vulnerable: 5.0.210+, 6.0.121+
+* Vulnerable: <5.0.210, <6.0.121
+* The patch: [c75c9840d](https://github.com/ossrs/srs/commit/c75c9840d533a1a2c7aaf18f7bd7990ef0cbecfa) (v5.0.210), [244ce7bc0](https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d) (v6.0.48)
+
 ## CVE-2023-34105
 
 Command injection in demonstration api-server for HTTP callback.