Zurück zur CVE-Übersicht
CVE-2023-30187
CRITICAL(9.8)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score25/100 — MITTEL
- CVSS 9.8 — Kritisch
EPSS-Score
2%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
Referenzen
- https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2
- https://github.com/ONLYOFFICE/DocumentServer
- https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d...
- https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d...
- https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d6115...
- https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2
- https://github.com/ONLYOFFICE/DocumentServer
- https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d...
- https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d...
- https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d6115...