
  • SEC-131
      • Category: Customer Security: medium - high
      • Type: Open Redirect
      • Risk: Identity-theft, Phishing, Defacement
      • Summary: A bug in django-1.11.14 allows an attacker to fool our customers by redirecting them to external/attacker-controlled websites
      • For unknown reasons, the fix did not get merged into release 2.9.0
      • Is fixed in development by upgrading django and its dependencies to 1.11.16

  • SEC-125
      • Category: Customer Security: medium - high
      • Type: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
      • Risk: Session-Hijacking, Stolen Payments, Insecure NETS payment
      • Summary: During NETS payment our customer loses his secured cookies when getting redirected
      • Fix has been reverted for now, due to a bug and time constraints.
      • NETS payment should be treated as insecure
      • unfixed/unplanned



