An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.
References
Link | Resource |
---|---|
https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md | Third Party Advisory |
https://www.themissinglink.com.au/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-21T08:49:23
Updated: 2021-10-21T08:49:23
Reserved: 2021-09-29T00:00:00
Link: CVE-2021-41792
NVD Information
Status: Analyzed
Published: 2021-10-21T09:15:08.913
Modified: 2021-10-27T20:24:28.853
Link: CVE-2021-41792
Redhat Information
No data.
CWE