CVE-2012-3353

CWE-200 — Information Exposure4 documents4 sources

Severity

7.5HIGH

EPSS

0.3%

top 45.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Sling Apache Sling JCR Contentloader

Timeline

PublishedJan 9

Latest updateMay 14

Description

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.sling:org.apache.sling.jcr.contentloader< 2.1.6

▶NVDapache/sling_jcr_contentloader2.1.4

▶CVEListV5apache_software_foundation/apache_slingJCR ContentLoader 2.1.4

🔴Vulnerability Details

GHSA

Apache Sling JCR ContentLoader XmlReader Arbitrary File Load↗2022-05-14

▶

OSV

Apache Sling JCR ContentLoader XmlReader Arbitrary File Load↗2022-05-14

▶

CVEList

CVE-2012-3353: The Apache Sling JCR ContentLoader 2↗2018-01-08

▶