Lucene search

[email protected]NVD:CVE-2024-33864

HistoryMay 14, 2024 - 4:17 p.m.

CVE-2024-33864

2024-05-1416:17:22

CWE-918

[email protected]

web.nvd.nist.gov

ssrf

linqi

windows

document template

remote images

process creation

file inclusion

pdf document

javascript

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.7

Confidence

Low

JSON

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript.

References

linqi.help/Updates/en#/SecurityUpdates

www.linqi.de/de-DE/blog.html

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.7

Confidence

Low

JSON

Related for NVD:CVE-2024-33864

cvelist1 cve1 vulnrichment1