Lucene search

PRIOn knowledge basePRION:CVE-2024-21651

HistoryJan 09, 2024 - 12:15 a.m.

Code injection

2024-01-0900:15:00

PRIOn knowledge base

www.prio-n.com

xwiki

tar file

code injection

vulnerability

patched

cpu consumption

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.

CPENameOperatorVersion
xwikige15.6
xwikilt15.8
xwikige14.10
xwikilt14.10.18
xwikige15.5
xwikilt15.5.3

Name	Operator	Version
xwiki	ge	15.6
xwiki	lt	15.8
xwiki	ge	14.10
xwiki	lt	14.10.18
xwiki	ge	15.5
xwiki	lt	15.5.3

References

github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4

jira.xwiki.org/browse/XCOMMONS-2796