exploitDog

GHSA-gq66-wmx6-v7rg

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files.

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files.

Ссылки

EPSS

Процентиль: 91%

0.06142

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-611

Связанные уязвимости

CVE-2018-5758

CVSS3: 6.5

nvd

почти 8 лет назад

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files.

EPSS

Процентиль: 91%

0.06142

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-611