An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.
References
Link | Resource |
---|---|
https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md | Third Party Advisory |
https://www.themissinglink.com.au/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-21T08:49:01
Updated: 2021-10-21T08:49:01
Reserved: 2021-09-29T00:00:00
Link: CVE-2021-41790
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-21T09:15:08.790
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-41790
JSON object: View
Redhat Information
No data.
CWE