admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/29xxx/CVE-2021-29447.json

108 lines
4.2 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2021-03-30 18:01:10 +00:00
{
"CVE_data_meta": {
Add CVE-2021-29447 for GHSA-rv47-pc52-qrhh
2021-04-15 14:07:08 -07:00
"ASSIGNER": "security-advisories@github.com",
"-Synchronized-Data."
2021-03-30 18:01:10 +00:00
"ID": "CVE-2021-29447",
Add CVE-2021-29447 for GHSA-rv47-pc52-qrhh
2021-04-15 14:07:08 -07:00
"STATE": "PUBLIC",
"TITLE": "WordPress Authenticated XXE attack when installation is running PHP 8"
"-Synchronized-Data."
2021-03-30 18:01:10 +00:00
},
Add CVE-2021-29447 for GHSA-rv47-pc52-qrhh
2021-04-15 14:07:08 -07:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wordpress-develop",
"version": {
"version_data": [
{
"version_value": ">= 5.6.0, < 5.7.1"
}
]
}
}
]
},
"vendor_name": "WordPress"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2021-03-30 18:01:10 +00:00
"description": {
"description_data": [
{
"lang": "eng",
Add CVE-2021-29447 for GHSA-rv47-pc52-qrhh
2021-04-15 14:07:08 -07:00
"value": "Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-611\":\"Improper Restriction of XML External Entity Reference\"}"
}
]
"-Synchronized-Data."
2021-03-30 18:01:10 +00:00
}
]
Add CVE-2021-29447 for GHSA-rv47-pc52-qrhh
2021-04-15 14:07:08 -07:00
},
"references": {
"reference_data": [
{
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh"
},
{
"name": "https://wordpress.org/news/category/security/",
"refsource": "MISC",
"url": "https://wordpress.org/news/category/security/"
"-Synchronized-Data."
2021-04-21 09:00:42 +00:00
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210421 [SECURITY] [DLA 2630-1] wordpress security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html"
"-Synchronized-Data."
2021-04-23 12:00:54 +00:00
},
{
"refsource": "DEBIAN",
"name": "DSA-4896",
"url": "https://www.debian.org/security/2021/dsa-4896"
"-Synchronized-Data."
2021-06-15 21:00:58 +00:00
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163148/XML-External-Entity-Via-MP3-File-Upload-On-WordPress.html",
"url": "http://packetstormsecurity.com/files/163148/XML-External-Entity-Via-MP3-File-Upload-On-WordPress.html"
"-Synchronized-Data."
2021-09-20 18:01:12 +00:00
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164198/WordPress-5.7-Media-Library-XML-Injection.html",
"url": "http://packetstormsecurity.com/files/164198/WordPress-5.7-Media-Library-XML-Injection.html"
Add CVE-2021-29447 for GHSA-rv47-pc52-qrhh
2021-04-15 14:07:08 -07:00
}
]
},
"source": {
"advisory": "GHSA-rv47-pc52-qrhh",
"discovery": "UNKNOWN"
"-Synchronized-Data."
2021-03-30 18:01:10 +00:00
}
}
Reference in New Issue Copy Permalink