Описание
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| owncloud | fixed | 6.0.2+dfsg-1 | package | |
| php-getid3 | fixed | 1.9.7-2 | package | |
| php-getid3 | fixed | 1.9.3-1+deb7u1 | wheezy | package |
| php-getid3 | not-affected | squeeze | package | |
| wordpress | fixed | 3.9.2+dfsg-1 | package |
Примечания
https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
http://owncloud.org/about/security/advisories/oC-SA-2014-006/
https://core.trac.wordpress.org/changeset/29390
EPSS
Связанные уязвимости
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
EPSS