From 32e35c0b361066fce44b37ec329499c35cc07195 Mon Sep 17 00:00:00 2001 From: winlin Date: Thu, 28 Mar 2024 11:03:32 +0800 Subject: [PATCH] Update security advisories. --- .../security-advisories.md | 11 +++++++++++ src/pages/security-advisories.md | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/i18n/zh-cn/docusaurus-plugin-content-pages/security-advisories.md b/i18n/zh-cn/docusaurus-plugin-content-pages/security-advisories.md index 0cd0cdd7..7997e7a3 100644 --- a/i18n/zh-cn/docusaurus-plugin-content-pages/security-advisories.md +++ b/i18n/zh-cn/docusaurus-plugin-content-pages/security-advisories.md @@ -2,6 +2,17 @@ 请将任何安全漏洞报告到[这里](https://github.com/ossrs/srs/security/advisories)。 +## CVE-2024-29882 + +HTTP API: DOM - XSS on JSONP callback + +* Severity: **High** +* Advisory: [GHSA-gv9r-qcjc-5hj7](https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7) +* [CVE-2024-29882](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29882) +* Not vulnerable: 5.0.210+, 6.0.121+ +* Vulnerable: <5.0.210, <6.0.121 +* The patch: [c75c9840d](https://github.com/ossrs/srs/commit/c75c9840d533a1a2c7aaf18f7bd7990ef0cbecfa) (v5.0.210), [244ce7bc0](https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d) (v6.0.48) + ## CVE-2023-34105 Command injection in demonstration api-server for HTTP callback. diff --git a/src/pages/security-advisories.md b/src/pages/security-advisories.md index fc1e3fca..40632fec 100644 --- a/src/pages/security-advisories.md +++ b/src/pages/security-advisories.md 
@@ -2,6 +2,17 @@ Please report any security vulnerabilities to [here](https://github.com/ossrs/srs/security/advisories). +## CVE-2024-29882 + +HTTP API: DOM - XSS on JSONP callback + +* Severity: **High** +* Advisory: [GHSA-gv9r-qcjc-5hj7](https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7) +* [CVE-2024-29882](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29882) +* Not vulnerable: 5.0.210+, 6.0.121+ +* Vulnerable: <5.0.210, <6.0.121 +* The patch: [c75c9840d](https://github.com/ossrs/srs/commit/c75c9840d533a1a2c7aaf18f7bd7990ef0cbecfa) (v5.0.210), [244ce7bc0](https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d) (v6.0.48) + ## CVE-2023-34105 Command injection in demonstration api-server for HTTP callback.
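Review bot: In the i18n/zh-cn/docusaurus-plugin-content-pages/security-advisories.md hunk, the "The patch" bullet labels commit 244ce7bc0 as v6.0.48, but the two bullets above it give 6.0.121 as the first fixed 6.x release ("Not vulnerable: 5.0.210+, 6.0.121+" and "Vulnerable: <5.0.210, <6.0.121"). As written, a reader on a 6.x build between 6.0.48 and 6.0.120 cannot tell whether they need to upgrade. Please check which 6.x version the commit actually shipped in and make the three bullets agree. The identical bullet is added to src/pages/security-advisories.md and needs the same correction.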
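Review bot: In the src/pages/security-advisories.md hunk, the CVE bullet links to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29882 over plain HTTP, while every other link in the entry uses https://. An advisory page should not send readers to its references over an unauthenticated channel, so please switch the link to https://. That bullet is also the only one without a label (its siblings read "Severity:", "Advisory:"), so a "CVE:" prefix would keep the list consistent. The title line "DOM - XSS on JSONP callback" would read more clearly as "DOM-based XSS on JSONP callback".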