oss-sec mailing list archives

CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability


From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 4 Feb 2016 17:33:18 +0100

Hi

A new security and maintenance release for WordPress was announced,
which addresses two security issues:

https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/

According to the announcement:
WordPress versions 4.4.1 and earlier are affected by two security
issues: a possible SSRF for certain local URIs, reported by Ronni
Skansing; and an open redirection attack, reported by Shailesh
Suthar.

Could two CVEs be assigned for the respective issues?

References:
https://core.trac.wordpress.org/changeset/36444
https://core.trac.wordpress.org/changeset/36435

Regards,
Salvatore

