Multiple third party components of ownCloud are vulnerable to XXE attacks, which may lead to:
The following libraries are affected:
All vendors except PHPDocX have released an update. PHPDocX states that the admin is responsible to validate the DOCX document and is considering this as won’t fix.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
CPE | Name | Operator | Version |
---|---|---|---|
owncloud server | lt | 5.0.15 | |
owncloud server | lt | 6.0.2 |