Improper handling of browser-side provided input in richdocuments path handling

CVE-2023-49788

What is CVE-2023-49788?

Collabora Online's Built-in CODE Server has a vulnerability that allows for file overwriting due to a lack of chroot sandboxing. Attack vectors exploit modified client-to-server commands, potentially providing unauthorized access to files outside the intended directory. Users are recommended to upgrade to version 23.5.602 or later to avoid these risks, as there are no known workarounds to mitigate the issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References