docs: update CVEs for 3.0.4 and 3.1.1 (#27287)

apache · Feb 28, 2024 · dfa15d7 · dfa15d7
1 parent 0383bed
commit dfa15d7
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/docs/docs/security/cves.mdx b/docs/docs/security/cves.mdx
@@ -4,6 +4,16 @@ hide_title: true
 sidebar_position: 2
 ---
 
+#### Version 3.0.4, 3.1.1
+
+| CVE            | Title                                                                        |                    Affected |
+|:---------------|:-----------------------------------------------------------------------------|----------------------------:|
+| CVE-2024-27315 | Improper error handling on alerts                                            |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+| CVE-2024-24773 | Improper validation of SQL statements allows for unauthorized access to data |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+| CVE-2024-24772 | Improper Neutralisation of custom SQL on embedded context                    |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+| CVE-2024-24779 | Improper data authorization when creating a new dataset                      |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+| CVE-2024-26016 | Improper authorization validation on dashboards and charts import            |  < 3.0.4, >= 3.1.0, < 3.1.1 |
+
 #### Version 3.0.3
 
 | CVE            | Title                                         | Affected |