[MAVEN:GHSA-XGC9-9W4V-H33H] High severity vulnerability that affects org.apache.syncope:syncope-core
Severity
High
Affected Packages
2
Fixed Packages
2
CVEs
1
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.syncope/syncope-core
|
>= 2.0.0, < 2.0.8 |
|
pkg:maven/org.apache.syncope/syncope-core
|
< 1.2.11 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.syncope/syncope-core
|
= 2.0.8 |
|
pkg:maven/org.apache.syncope/syncope-core
|
= 1.2.11 |
- ID
- MAVEN:GHSA-XGC9-9W4V-H33H
- Severity
- high
- URL
- https://github.com/advisories/GHSA-xgc9-9w4v-h33h
- Published
-
2018-11-06T23:17:27
(5 years ago) - Modified
-
2023-01-09T05:03:29
(20 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.syncope/syncope-core | org.apache.syncope |
syncope-core
|
>= 2.0.0 < 2.0.8 | |||
| Fixed | pkg:maven/org.apache.syncope/syncope-core | org.apache.syncope |
syncope-core
|
= 2.0.8 | |||
| Affected | pkg:maven/org.apache.syncope/syncope-core | org.apache.syncope |
syncope-core
|
< 1.2.11 | |||
| Fixed | pkg:maven/org.apache.syncope/syncope-core | org.apache.syncope |
syncope-core
|
= 1.2.11 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |