Fix for CVE-2024-6658

Authenticated, remote attackers who have access to the LoadMaster management interface (and LoadMaster credentials) can issue a carefully crafted HTTP request using the NetConsole API command that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing user input in the request to mitigate arbitrary system command execution. Refer to this knowledge base article for more information.

Fix for CVE-2024-7591

Unauthenticated, remote attackers who have access to the LoadMaster management interface can issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing user input in the request to mitigate arbitrary system command execution. [Note that this fix was previously delivered in an add-on patch; the same fix has now been included in this release and will be included in all subsequent releases.] Refer to this knowledge base article for more information.