CVE-2018-1321

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1321
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1321.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1321
Aliases
Published
2018-03-20T17:29:00Z
Modified
2024-09-02T23:31:18Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 (the unsupported 1.0.x and 1.1.x releases may also be affected) can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.

References

Affected packages

Git / github.com/apache/syncope

Affected ranges

Type
GIT
Repo
https://github.com/apache/syncope
Events