CVE-2012-3353

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Sling
Vendor: CVE Published:; 9 January 2018

Summary

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader

Affected Version(s)

Apache Sling JCR ContentLoader 2.1.4

References

https://lists.apache.org/thread.html/50994d80dd5cf93f1365...

mailing-listx_refsource_MLIST

https://issues.apache.org/jira/browse/SLING-2512

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2018
Vulnerability Reserved
Jun 14, 2012