Cotonti Security Vulnerability Notification

htbridge
#1 17 July 2013, 18:33

Hello,

High-Tech Bridge Security Research Lab has discovered a security vulnerability in Cotonti version 0.9.13.

Preview available here: https://www.htbridge.com/advisory/HTB23164

Developers can contact us by email advisory (at) htbridge.com for details.

For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html

Best regards,

High-Tech Bridge Security Research Lab

Trustmaster
#2 17 July 2013, 18:56

Hello,
Thank you very much for reporting the vulnerability. I have just committed the fix for it to our repository on GitHub:
https://github.com/Cotonti/Cotonti/commit/45eec046391afabb676b62b9201da0cd530360b4

This fix will be included in the upcoming 0.9.14 release which we will do our best to release by July 22.
 

May the Source be with you!

tensh
#3 18 July 2013, 07:25

Maybe a bit on topic, maybe a bit offtopic:

Interesting read about HTML5 security :)

http://w3af.org/understanding-html5-security