Adobe have released updated versions of ColdFusion web application development platform. These fixes resolve an important insecure library loading vulnerability (CVE-2018-4938), an important cross-site scripting vulnerability that could lead to code injection (CVE-2018-4940) and an important cross-site scripting vulnerability that could lead to information disclosure (CVE-2018-4941). These updates also include a mitigation for a critical unsafe Java deserialization vulnerability (CVE-2018-4939) and a mitigation for a critical unsafe XML parsing vulnerability (CVE-2018-4942).
Affected versions:
- ColdFusion (2016 release): update 5 and earlier versions
- ColdFusion 11: update 13 and earlier versions
More information can be read from Adobe's security bulletin.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment