3.6.0

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-05	CVE-2024-23049	Command Injection vulnerability in B3Log Symphony An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. network low complexity b3log CWE-77 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.