Lucene search
PRIOn knowledge basePRION:CVE-2023-30187HistoryAug 14, 2023 - 1:15 p.m.
Improper access control
2023-08-1413:15:00
PRIOn knowledge base
www.prio-n.com
5
improper access control
memory access vulnerability
remote attackers
arbitrary code
crafted javascript file
nvd
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| document_server | ge | 4.0.3 | |
| document_server | le | 7.3.2 |
References
onlyoffice.com
gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2
github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/
github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp
github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a
github.com/ONLYOFFICE/DocumentServer
Related
cvelist
cvelist
CVE-2023-30187
2023-08-14 00:00:00
nvd
nvd
CVE-2023-30187
2023-08-14 13:15:10
osv
osv
CVE-2023-30187
2023-08-14 13:15:10
cve
cve
CVE-2023-30187
2023-08-14 13:15:10