CVE-2018-1321

Source
https://cve.org/CVERecord?id=CVE-2018-1321
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1321.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1321
Published
2018-03-20T17:29:00.267Z
Modified
2026-04-10T04:05:18.248844Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 (the unsupported 1.0.x and 1.1.x releases may also be affected) can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.

Affected packages

Git / github.com/apache/syncope

Affected ranges

Type
GIT
Repo
https://github.com/apache/syncope
Events
Introduced
Fixed
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "1.2.0"
        },
        {
            "fixed": "1.2.11"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.0-milestone1"
        }
    ]
}

Affected versions

syncope-1.*
syncope-1.0.0-incubating
syncope-1.0.4
syncope-1.0.5
syncope-1.0.6
syncope-1.0.7
syncope-1.0.8
syncope-1.0.9
syncope-1.1.0-SNAPSHOT-before-role-provisioning
syncope-1.1.1
syncope-1.1.2
syncope-1.1.3
syncope-1.1.4
syncope-1.1.5
syncope-1.1.6
syncope-1.1.7
syncope-1.1.8
syncope-1.2.0-M1
syncope-1.2.1
syncope-1.2.10
syncope-1.2.2
syncope-1.2.3
syncope-1.2.4
syncope-1.2.5
syncope-1.2.6
syncope-1.2.7
syncope-1.2.8
syncope-1.2.9
syncope-2.*
syncope-2.0.0
syncope-2.0.1
syncope-2.0.2
syncope-2.0.3
syncope-2.0.4
syncope-2.0.5
syncope-2.0.6
syncope-2.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1321.json"