An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
References
Link | Resource |
---|---|
https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e | Third Party Advisory |
https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399 | Patch |
Configurations
History
09 Sep 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-30 23:15
Updated : 2024-09-09 21:35
NVD link : CVE-2023-46502
Mitre link : CVE-2023-46502
CVE.ORG link : CVE-2023-46502
JSON object : View
Products Affected
opencrx
- opencrx