Velocity script execution without script right through tree macro. Impact: Allows unauthorized execution of Velocity script through document tree, even without script right. Patches: XWiki 14.10.7 and 15.2RC1. Workarounds: Modify XWiki.DocumentTreeMacros. References: XWIKI-20625, github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3
Reporter | Title | Published | Views | Family All 6 |
---|---|---|---|---|
Prion | Code injection | 21 Dec 202320:15 | – | prion |
OSV | CVE-2023-50732 | 21 Dec 202320:15 | – | osv |
Cvelist | CVE-2023-50732 Velocity execution without script right through tree macro | 21 Dec 202319:42 | – | cvelist |
Github Security Blog | Velocity execution without script right through tree macro | 19 Dec 202321:39 | – | github |
NVD | CVE-2023-50732 | 21 Dec 202320:15 | – | nvd |
CVE | CVE-2023-50732 | 21 Dec 202320:15 | – | cve |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo