CVE-2021-3312 – org.opencms:opencms-core
Package
Manager: maven
Name: org.opencms:opencms-core
Vulnerable Version: >=11.0.0 <12.0.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00476 (percentile: 0.63976)
Details
XML External Entity Reference in org.opencms:opencms-core
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.
Metadata
Created: 2021-10-12T17:23:40Z
Modified: 2021-10-18T13:50:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-g6v7-vqhx-6v6c/GHSA-g6v7-vqhx-6v6c.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-g6v7-vqhx-6v6c
Finding: F083
Auto approve: 1