admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-23 19:00:36 +00:00
parent dd9374e2d1
commit 7d6801ae18
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
23 changed files with 149 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/29xxx/CVE-2021-29421.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-d97bc581be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG/"
},
{
"refsource": "MISC",
"name": "https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100",
"url": "https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100"
}
]
}

15
2021/38xxx/CVE-2021-38578.json
View File

@ -40,7 +40,7 @@
"version": {
"version_data": [
{
"version_value": "edk-stable202208",
"version_value": "edk2-stable202208",
"version_affected": "="
}
]
@ -67,19 +67,6 @@
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "patch&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6\">https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6</a><br><br>"
}
],
"value": "patch\u00a0 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 \n\n"
}
],
"impact": {
"cvss": [
{

5
2021/43xxx/CVE-2021-43033.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43034.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43035.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43036.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43037.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43038.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43039.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43040.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43041.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43042.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43043.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

5
2021/43xxx/CVE-2021-43044.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
},
{
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}

66
2021/43xxx/CVE-2021-43258.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.churchdb.org/",
"refsource": "MISC",
"name": "http://www.churchdb.org/"
},
{
"url": "https://sourceforge.net/projects/churchinfo/files/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/churchinfo/files/"
},
{
"refsource": "MISC",
"name": "https://github.com/rapid7/metasploit-framework/pull/17257",
"url": "https://github.com/rapid7/metasploit-framework/pull/17257"
}
]
}

63
2021/46xxx/CVE-2021-46849.json
View File

@ -1,66 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46849",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.gentoo.org/779475",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/779475"
},
{
"url": "https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100",
"refsource": "MISC",
"name": "https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29421. Reason: This candidate is a duplicate of CVE-2021-29421. Notes: All CVE users should reference CVE-2021-29421 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

5
2022/32xxx/CVE-2022-32060.json
View File

@ -56,6 +56,11 @@
"url": "https://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-b15becc1a5ea",
"refsource": "MISC",
"name": "https://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-b15becc1a5ea"
},
{
"refsource": "MISC",
"name": "https://github.com/bypazs/CVE-2022-32060",
"url": "https://github.com/bypazs/CVE-2022-32060"
}
]
}

2
2022/41xxx/CVE-2022-41875.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica.\n\nThe vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`."
"value": "A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`."
}
]
},

2
2022/41xxx/CVE-2022-41923.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack.\n\nThis vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1.\n\nImpacted Applications:\nGrails Spring Security Core plugin versions:\n1.x\n2.x\n>=3.0.0 <3.3.2\n>=4.0.0 <4.0.5\n>=5.0.0 <5.1.1\n\nWe strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin.\n\nWorkarounds:\nUsers should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration:\n\n* `AnnotationFilterInvocationDefinition`\n* `InterceptUrlMapFilterInvocationDefinition`\n* `RequestmapFilterInvocationDefinition`\n\nIn each case, the subclass should override the `calculateUri` method like so:\n```\n@Override\nprotected String calculateUri(HttpServletRequest request) {\n UrlPathHelper.defaultInstance.getRequestUri(request)\n}\n```\n\nThis should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin."
"value": "Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x 2.x >=3.0.0 <3.3.2 >=4.0.0 <4.0.5 >=5.0.0 <5.1.1 We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: * `AnnotationFilterInvocationDefinition` * `InterceptUrlMapFilterInvocationDefinition` * `RequestmapFilterInvocationDefinition` In each case, the subclass should override the `calculateUri` method like so: ``` @Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) } ``` This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin."
}
]
},

12
2022/41xxx/CVE-2022-41924.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. \n\nAll Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue."
"value": "A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue."
}
]
},
@ -77,16 +77,16 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp",
"refsource": "CONFIRM",
"url": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp"
},
{
"name": "https://emily.id.au/tailscale",
"refsource": "MISC",
"url": "https://emily.id.au/tailscale"
},
{
"name": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp",
"refsource": "CONFIRM",
"url": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp"
},
{
"name": "https://tailscale.com/security-bulletins/#ts-2022-004",
"refsource": "MISC",

2
2022/41xxx/CVE-2022-41925.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the nodes Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the nodes environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the users tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop.\n\nAll Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue."
"value": "A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node\u2019s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node\u2019s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user\u2019s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue."
}
]
},

2
2022/41xxx/CVE-2022-41927.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation.\n\nThe problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. \n\nWorkarounds:\nIt's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting:\n```\n#if (!$services.csrf.isTokenValid($request.get('form_token')))\n #set ($discard = $response.sendError(401, \"Wrong CSRF token\"))\n#end\n```"
"value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"
}
]
},

2
2022/41xxx/CVE-2022-41928.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties.\n\nThis has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below:\n\n- 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\n- 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\n- 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23"
"value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23"
}
]
},