An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
References
| Link | Resource |
|---|---|
| https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e | Third Party Advisory |
| https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399 | Patch |
Configurations
History
06 Nov 2023, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. |
06 Nov 2023, 15:08
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399 - Patch | |
| References | (MISC) https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| First Time |
Opencrx opencrx
Opencrx |
|
| CWE | CWE-611 | |
| CPE | cpe:2.3:a:opencrx:opencrx:5.2.2:*:*:*:*:*:*:* |
30 Oct 2023, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-30 23:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-46502
Mitre link : CVE-2023-46502
CVE.ORG link : CVE-2023-46502
JSON object : View
Products Affected
opencrx
- opencrx
CWE
CWE-611
Improper Restriction of XML External Entity Reference