mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.6 KiB
1.6 KiB
CVE-2019-9851
Description
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
POC
Reference
Github
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/SamP10/VulnerableDockerfile
- https://github.com/adrienpessu-octodemo/VulnerableDockerfile
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/devin-pilot-repos/VulnerableDockerfile
- https://github.com/fbrousse/VulnerableDockerfile
- https://github.com/mgulter/config-secrets-test