CVE-2022-27246: new: add setting for allowing svg org logos · MISP/MISP@08a07a3
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
@@ -17,6 +17,7 @@
‘user_monitoring_enabled’ => false,
‘authkey_keep_session’ => false,
‘disable_local_feed_access’ => false,
‘enable_svg_logos’ => false,
//’auth’ => array(‘CertAuth.Certificate’), // additional authentication methods
//’auth’ => array(‘ShibbAuth.ApacheShibb’),
//’auth’ => array(‘AadAuth.AadAuthenticate’),
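Review bot: the new 'enable_svg_logos' => false entry has no comment, unlike the auth lines just below it, so an administrator reading this file cannot tell that turning it on permits org logos that may contain JavaScript. Suggest a trailing comment that says so and states that false is the safe value. Separately, this hunk only sets the default in the configuration array; an install whose existing configuration lacks the key depends on the code that reads the setting treating a missing value as false, so that fallback should be confirmed where the setting is consumed.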