CVE-2012-3353

Опубликовано: 09 янв. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader

Ссылки

https://issues.apache.org/jira/browse/SLING-2512
Vendor Advisory
https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E
https://issues.apache.org/jira/browse/SLING-2512
Vendor Advisory
https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:sling_jcr_contentloader:2.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00321

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-wjp3-4xcq-598p