Lucene search

GoogleOSV:CVE-2023-47271

HistoryNov 06, 2023 - 12:15 a.m.

CVE-2023-47271

2023-11-0600:15:09

Google

osv.dev

pkp-wal

xml document

issue cover image

software

security vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.

CPENameOperatorVersion
pkp-libeqojs-3_0b1
pkp-libeqojs-2_3_3-0
pkp-libeqomp-3_1_0-0
pkp-libeqharvester-2_3_0b1
pkp-libeq3_3_0-11
pkp-libeq3_2_0-1
pkp-libeq3_3_0-2
pkp-libeqomp-1_2_0-0
pkp-libeqomp-0_9_9-0
pkp-libeq3_3_0-4

Name	Operator	Version
pkp-lib	eq	ojs-3_0b1
pkp-lib	eq	ojs-2_3_3-0
pkp-lib	eq	omp-3_1_0-0
pkp-lib	eq	harvester-2_3_0b1
pkp-lib	eq	3_3_0-11
pkp-lib	eq	3_2_0-1
pkp-lib	eq	3_3_0-2
pkp-lib	eq	omp-1_2_0-0
pkp-lib	eq	omp-0_9_9-0
pkp-lib	eq	3_3_0-4

Rows per page:

1-10 of 361

References

packetstormsecurity.com/files/176255/PKP-WAL-3.4.0-3-Remote-Code-Execution.html

seclists.org/fulldisclosure/2023/Dec/23

github.com/pkp/pkp-lib/issues/9464

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for OSV:CVE-2023-47271