RSS   Vulnerabilities for 'Alfresco transform services'   RSS

2021-10-21
 
CVE-2021-41792

CWE-918
 

 
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.

 

 >>> Vendor: Alfresco 7 Products
Alfresco
Community edition
Reset password
Alfresco content services
Alfresco transform services
Community share
Share


Copyright 2021, cxsecurity.com

 

Back to Top