Issue List
VWE-2020-5875 is a Permissions Escalation issue, where a user who was merged from multiple accounts may have new permissions granted that were not granted for any of the source accounts.VWE-2020-5917 is a Denial of Service issue, where by creating large numbers of discussions for a conflicted page, a malicious user can ensure that the admin's conflict resolution tool cannot handle that page.
Patches
The following patches address the aforementioned issues:- 4.1.0 RC 3 Patch Level 2
- 4.1.0 RC 2 Patch Level 3
- 4.1.0 RC 1 Patch Level 4
- 4.0.28 Patch Level 4