SEC-131
- Category: Customer Security: medium - high
- Type: Open Redirect
- Risk: Identity-theft, Phishing, Defacement
- Summary: A bug in django-1.11.14 allows an attacker to fool our customers by redirecting them to external/attacker-controlled websites
- For unknown reasons, the fix did not get merged into release 2.9.0
- Fixed in development by upgrading Django and its dependencies to 1.11.16
SEC-125
- Category: Customer Security: medium - high
- Type: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- Risk: Session-Hijacking, Stolen Payments, Insecure NETS payment
- Summary: During NETS payment, our customer loses their secured cookies when being redirected
- The fix has been reverted due to a bug and time constraints
- NETS payment should be treated as insecure
- Unfixed/unplanned