CVE-2021-30245

CWE-610 | 3 documents | 3 sources
Severity
8.8 HIGH
EPSS
0.4%
top 39.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 15
Latest update May 24

Description

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of con

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | apache_software_foundation/apache_openoffice | Apache OpenOffice | 4.1.9

Patches

Vulnerability Details

2
GHSA
GHSA-2qf7-45r5-qhqx: The project received a report that all versions of Apache OpenOffice through 4 | 2022-05-24
CVEList
Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks | 2021-04-15
CVE-2021-30245 (HIGH CVSS 8.8) | The project received a report that | cvebase.io