exploitDog

CVE-2022-29851

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.

Ссылки

https://packetstormsecurity.com/files/168242/OX-App-Suite-Cross-Site-Scripting-Command-Injection.html
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/168242/OX-App-Suite-Cross-Site-Scripting-Command-Injection.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*

Версия до 7.10.6 (включая)

EPSS

Процентиль: 81%

0.01605

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-5wgq-vg66-44cm

CVSS3: 9.8

github

больше 3 лет назад

documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.

EPSS

Процентиль: 81%

0.01605

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78