XML External Entity Reference in org.opencms:opencms-core

GHSA-g6v7-vqhx-6v6c · CVE-2021-3312

Published Oct 12, 2021 · Modified Nov 8, 2023

Description

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-3312
WEB https://github.com/alkacon/opencms-core/issues/721
WEB https://github.com/alkacon/opencms-core/issues/725
WEB https://github.com/alkacon/opencms-core/commit/92e035423aa6967822d343e54392d4291648c0ee
PACKAGE https://github.com/alkacon/opencms-core
WEB https://github.com/alkacon/opencms-core/releases

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes