Skip to content

feat: block CVE-2023-5003 #3955

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 16, 2024
Merged

feat: block CVE-2023-5003 #3955

merged 1 commit into from
Dec 16, 2024
+2 −0

Conversation

azurit
Copy link
Member

@azurit azurit commented Dec 15, 2024

Block file related to CVE-2023-5003, already actively accessed by bots.

@azurit azurit changed the title eat: block CVE-2023-5003 feat: block CVE-2023-5003 Dec 15, 2024
@github-actions GitHub Actions
Copy link
Contributor

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@azurit azurit added this pull request to the merge queue Dec 16, 2024
Merged via the queue into coreruleset:main with commit f39d78f Dec 16, 2024
8 checks passed
@azurit azurit deleted the ldapWP2 branch December 16, 2024 01:47
@fzipi fzipi added the release:new-detection In this PR we introduce a new detection label Dec 29, 2024
@fzipi fzipi mentioned this pull request Jan 6, 2025
Closed
bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this pull request Feb 6, 2025
@bmwiedemann
Update owasp-modsecurity-crs to version 4.10.0 / rev 10 via SR 1241296
d1809c3 
https://build.opensuse.org/request/show/1241296
by user pgajdos + anag+factory
- package cleanup, coordinated with apache2-mod_security2
  cleanup
- version update to 4.10.0
  * New features and detections
    - feat: block CVE-2023-5003 by @azurit in coreruleset/coreruleset#3955
    - feat: prevent accessing PHP variables by @azurit in coreruleset/coreruleset#3965
  * Other Changes
    - fix: FP against `pattern` with `=` following at arbitrary position by @theseion in
      coreruleset/coreruleset#3963 (forwarded request 1240839 from pgajdos)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Xhoenix Xhoenix Xhoenix approved these changes

Assignees
No one assigned
Labels
release:new-detection In this PR we introduce a new detection
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@azurit @Xhoenix @fzipi