CVE-2021-46365 – info.magnolia:magnolia-core

Package

Manager: maven
Name: info.magnolia:magnolia-core
Vulnerable Version: >=0 <6.2.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00513 pctl0.65564

Details

Improper Restriction of XML External Entity Reference in Magnolia CMS An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file.

Metadata

Created: 2022-02-12T00:00:37Z
Modified: 2022-04-20T19:13:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-3qpg-33wr-533j/GHSA-3qpg-33wr-533j.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-3qpg-33wr-533j
Finding: F083
Auto approve: 1