Bill Katula Posted July 13

Hi,

I recently had to restore a site and noticed some log entries referencing applications/core/interface/ckeditor/ckeditor/plugins/ related to malicious activity and I see that was reported as a possible vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2024-30162

There was also another report for a SQL injection. https://nvd.nist.gov/vuln/detail/CVE-2024-30163

Were these addressed in 4.7.17?

Thanks
Stuart Silvester Posted July 13 (Solution)

We reviewed the report now identified as CVE-2024-30162. It was determined this was not a valid issue.

The issue identified in CVE-2024-30163 was fixed in 4.7.16 as noted in the NIST page and in our release notes flagged as a security release - https://invisioncommunity.com/release-notes/4716-r128/

It's worth noting that if you have security questions or concerns you can reach out to us privately via our contact page.
Bill Katula Posted July 13 (Author)

Ah okay. Thanks for the quick response. Since the contact form only listed sales/billing I assumed this was where I should go.
Marc Posted July 15

On 7/13/2024 at 11:25 PM, Bill Katula said:
> Ah okay. Thanks for the quick response. Since the contact form only listed sales/billing I assumed this was where I should go.

No problem. Feel free to hit billing if needed. We can always forward you to the right place if needed 🙂