Security CVE Pending

Sorry if this has been asked elsewhere already…

On the release notes page https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6, it states the following:

  • CVE: Pending - SQL Injection Vulnerability
  • CVE: Pending - SQL Injection Vulnerability
  • CVE: Pending - SQL Injection Vulnerability
  • CVE: Pending - Improper Access Control
  • CVE: Pending - RCE and CSRF Vulnerability
  • CVE: Pending - Authenticated Bypass Vulnerability

Does “CVE: Pending” mean the vulnerability has been fixed and is awaiting a CVE number, or does it mean the vulnerability is still pending a fix?

Thanks for your help.

It means it’s already fixed in that release.
Then there is a time to allow people to upgrade safely before the details go public; it’s standard procedure.

Thanks for confirming. :grinning:
