Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for sling_jcr_contentloader by apache

    CVE-2012-3353 (GCVE-0-2012-3353)

    Vulnerability from nvd – Published: 2018-01-08 21:00 – Updated: 2024-09-16 23:56
    VLAI
    Summary
    The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader
    Severity
    No CVSS data available.
    CWE
    • Content Loading Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Sling Affected: JCR ContentLoader 2.1.4
    Create a notification for this product.
    Date Public
    2017-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:11.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20180108 CVE-2012-3353: Apache Sling Content Loading Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/SLING-2512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Sling",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "JCR ContentLoader 2.1.4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Loading Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-08T20:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20180108 CVE-2012-3353: Apache Sling Content Loading Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/jira/browse/SLING-2512"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-09T00:00:00",
              "ID": "CVE-2012-3353",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Sling",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "JCR ContentLoader 2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Content Loading Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20180108 CVE-2012-3353: Apache Sling Content Loading Vulnerability",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a@%3Cdev.sling.apache.org%3E"
                },
                {
                  "name": "https://issues.apache.org/jira/browse/SLING-2512",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/jira/browse/SLING-2512"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2012-3353",
        "datePublished": "2018-01-08T21:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:56:19.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3353 (GCVE-0-2012-3353)

    Vulnerability from cvelistv5 – Published: 2018-01-08 21:00 – Updated: 2024-09-16 23:56
    VLAI
    Summary
    The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader
    Severity
    No CVSS data available.
    CWE
    • Content Loading Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Sling Affected: JCR ContentLoader 2.1.4
    Create a notification for this product.
    Date Public
    2017-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:11.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20180108 CVE-2012-3353: Apache Sling Content Loading Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/SLING-2512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Sling",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "JCR ContentLoader 2.1.4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Loading Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-08T20:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[dev] 20180108 CVE-2012-3353: Apache Sling Content Loading Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/jira/browse/SLING-2512"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2017-05-09T00:00:00",
              "ID": "CVE-2012-3353",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Sling",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "JCR ContentLoader 2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Content Loading Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20180108 CVE-2012-3353: Apache Sling Content Loading Vulnerability",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a@%3Cdev.sling.apache.org%3E"
                },
                {
                  "name": "https://issues.apache.org/jira/browse/SLING-2512",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/jira/browse/SLING-2512"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2012-3353",
        "datePublished": "2018-01-08T21:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:56:19.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }