Description

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader

Remediation

References

https://issues.apache.org/jira/browse/SLING-2512

https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E

Related Vulnerabilities

CVE-2022-34179 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status

CVE-2020-13932 Vulnerability in maven package org.apache.activemq:artemis-plugin

CVE-2023-40014 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts

CVE-2022-45855 Vulnerability in maven package org.apache.ambari:ambari

CVE-2016-5016 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory