Dismissed
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
15 packages
- python313Packages.outlines
- typstPackages.suboutline_0_1_0
- typstPackages.suboutline_0_2_0
- typstPackages.suboutline_0_3_0
- mplus-outline-fonts.osdnRelease
- python312Packages.outlines-core
- python313Packages.outlines-core
- python314Packages.outlines-core
- mplus-outline-fonts.githubRelease
- pkgsRocm.python3Packages.outlines
- python312Packages.outlines
- typstPackages.outline-summaryst_0_1_0
- mdbook-pdf-outline
- pkgsRocm.python3Packages.outlines-core
- go-outline
- @LeSuisse dismissed
Outline has a suspended user authentication bypass via WebSocket connections
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after their account has been suspended. This vulnerability is fixed in 1.1.0.
References
-
https://github.com/outline/outline/security/advisories/GHSA-mx2c-3g2x-5m9m x_refsource_CONFIRM
-
https://github.com/outline/outline/releases/tag/v1.1.0 x_refsource_MISC
-
https://github.com/outline/outline/releases/tag/v1.1.0 x_refsource_MISC
-
https://github.com/outline/outline/security/advisories/GHSA-mx2c-3g2x-5m9m x_refsource_CONFIRM
Affected products
outline
- ==< 1.1.0
Package maintainers
-
@cab404 Vladimir Serov <cab404@mailbox.org>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@yrd Yannik Rödel <nix@yannik.info>
-
@blitz Julian Stecklina <js@alien8.de>
-
@snue Stefan Nuernberger <kabelfrickler@gmail.com>