FaxStore Changelogs

1.x.x
1.0.0 - Initial Release
1.0.1 - Release 1.1
1.2.0 - Release 1.2
1.3.0 - Release 1.3
1.4.0 - Release 1.4
1.6.0 - Stripe Integration
1.6.1 - Hotfix
1.7.0 - General Pages
1.8.1 - Login Options
1.8.2 - Bug Fixes
1.8.3 - Minor Update
1.9.0 - More Listing Types
1.9.1 - Release 1.9.1
1.9.2 - Emails and Custom Invoicing
1.9.3 - Fatal Error Fix
2.x.x
2.0 - Displays & Themes
2.0.1 - Hot Fix
2.0.4 - Tracked Fixes
2.1.0 - Tax & Secondary Payments
2.1.1 - Bug Fixes
2.1.2 - Checkout Fix
2.2.0 - Forms & New Permissions
2.2.1 - Bug Exterminators
2.2.5 - A Refined Place
2.3.0 - Time to Square up!
2.3.2 - Automatic Updates
2.3.6 - Security vulnerability fix
2.3.9 - Invalid "code" in request fix
2.3.12 - Standard Logins (SL)
2.4.0 - Packages & Quotes
2.4.1 - Mobile View
2.4.5 - Account 2FA
2.4.6 - Corrections
2.5.0 - Tebby Integration
2.5.1 - Recovery One
2.6.0 - Spring Cleaning
2.6.1 - Username Checks & Dev Mode
2.6.2 - Recovery One
2.6.3 - Recovery Two
2.6.4 - Security Release
2.6.5 - Adding Items to Users
2.6.6 - Discord Promotion Code Fix
2.7.0 - Staff Panel Redesign
2.7.1 - Pause Discount Codes

Weblutions Documentation > FaxStore Changelogs > 2.x.x > 2.3.6 - Security vulnerability fix

2.3.6 - Security vulnerability fix

- Added HTML support to the default notification bar

• Fixed PAYEE_ACCOUNT_RESTRICTED error for PayPal - #1764
• Fixed various passport errors
• Fixed a DoS security vulnerability, see below for more details

CVE-2022-24434

A malicious attacker can send a modified form to server, and crash the nodejs service. A complete denial of service can be achived by sending the malicious form in a loop.

References:

- https://nvd.nist.gov/vuln/detail/CVE-2022-24434

- https://snyk.io/vuln/SNYK-JS-DICER-2311764

- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865

Suggest an edit

Review this page

• Login