limesurvey: mark as insecure

2021-01-29 23:42:04 +01:00 · 2021-01-29 23:42:04 +01:00 · a03847e696
commit a03847e696
parent 526738a799
1 changed files with 5 additions and 0 deletions
--- a/pkgs/servers/limesurvey/default.nix
+++ b/pkgs/servers/limesurvey/default.nix
@ -37,5 +37,10 @@ stdenv.mkDerivation rec {
    homepage = "https://www.limesurvey.org";
    maintainers = with maintainers; [offline];
    platforms = with platforms; unix;
+    knownVulnerabilities = [
+      # https://github.com/LimeSurvey/LimeSurvey/blob/3.x-LTS/docs/release_notes.txt
+      "Unauthorized access to statistics of a survey with certain permission configurations"
+      "Persistent XSS in browse response"
+    ];
  };
 }