CVE-2021-40864

Description:
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.

CWE: CWE-502

CVSS score
CVSS 2: – (Version: )
CVSS 3: HIGH – 8.4 (Version: 3.1)

Links:

NVD – CVE-2021-40864
CVE – CVE-2021-40864

Link (max. 20) Source Tags
https://github.com/ONLYOFFICE/plugin-translator/compare/v6.3.0.71…v6.3.0.72 MISC
https://github.com/ONLYOFFICE/plugin-translator/commit/2206c0179cb97e3b8b290a0ab5719b1f0f54542b MISC
http://packetstormsecurity.com/files/164136/Facebook-ParlAI-1.0.0-Code-Execution-Deserialization.html MISC
https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541 MISC
https://github.com/jonschlinkert/set-value/pull/33 MISC

Source: NVD – CVE-2021-40864
Publication date: 2021-09-10T19:15Z, last modified: 2021-09-12T15:10Z