Lucene search

[email protected]NVD:CVE-2023-46502

HistoryOct 30, 2023 - 11:15 p.m.

CVE-2023-46502

2023-10-3023:15:08

CWE-611

CWE-918

[email protected]

web.nvd.nist.gov

opencrx

vulnerability

remote attack

file read

ssrf

documentbuilderfactory

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

54.6%

JSON

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.

Affected configurations

Nvd

Node

opencrxopencrxMatch5.2.2

VendorProductVersionCPE
opencrxopencrx5.2.2cpe:2.3:a:opencrx:opencrx:5.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opencrx	opencrx	5.2.2	cpe:2.3:a:opencrx:opencrx:5.2.2:::::::*

References

gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e

github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

54.6%

JSON

Related for NVD:CVE-2023-46502

github1 vulnrichment1 veracode1 osv2 cve1 prion1 cvelist1