Source: civicrm Version: 4.7.30+dfsg-1 Severity: grave Tags: security upstream Control: fixed -1 5.3.1+dfsg-1
https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform This is already fixed, so this bug is to track the issue in the BTS. No CVEs seem to be assigned for the CIVI advisories. Speaking of that, might you convince upstream to request CVE identifiers when they plan to release a CiviCRM security advisory? Regards, Salvatore