Lucene search
MitreCVELIST:CVE-2023-30187HistoryAug 14, 2023 - 12:00 a.m.
CVE-2023-30187
2023-08-1400:00:00
mitre
www.cve.org
vulnerability
onlyoffice
documentserver
remote attackers
javascript
arbitrary code
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
References
onlyoffice.com
gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2
github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/
github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110
github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a
github.com/ONLYOFFICE/DocumentServer
Related
nvd
nvd
CVE-2023-30187
2023-08-14 13:15:10
osv
osv
CVE-2023-30187
2023-08-14 13:15:10
cve
cve
CVE-2023-30187
2023-08-14 13:15:10
prion
prion
Improper access control
2023-08-14 13:15:00