CVE-2019-17400

Опубликовано: 21 окт. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.

Ссылки

https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/
Exploit
Third Party Advisory
https://github.com/unoconv/unoconv/pull/510
Patch
Third Party Advisory
https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/
Exploit
Third Party Advisory
https://github.com/unoconv/unoconv/pull/510
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:universal_office_converter_project:universal_office_converter:*:*:*:*:*:*:*:*

Версия до 0.9 (исключая)

EPSS

Процентиль: 62%

0.00438

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

CVE-2019-17400

CVSS3: 7.5

ubuntu

около 6 лет назад

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.

CVE-2019-17400

CVSS3: 7.5

redhat

около 6 лет назад

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.

CVE-2019-17400

CVSS3: 7.5

debian

около 6 лет назад

The unoconv package before 0.9 mishandles untrusted pathnames, leading ...

GHSA-27p5-7cw6-m45h

CVSS3: 7.5

github

около 6 лет назад

Server-Side Request Forgery in unoconv

ELSA-2020-3944

oracle-oval

около 5 лет назад

ELSA-2020-3944: unoconv security update (MODERATE)

EPSS

Процентиль: 62%

0.00438

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918