Lucene search
K

4 matches found

NVD
NVD
added 2022/01/12 7:15 p.m.37 views

CVE-2021-42560

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks e.g., File Exfiltration, Server Side Request Forgery, Out of Band...

8.8CVSS0.02148EPSS
Exploits1References2
OSV
OSV
added 2022/01/12 7:15 p.m.24 views

CVE-2021-42560

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks e.g., File Exfiltration, Server Side Request Forgery, Out of Band...

8.8CVSS6.9AI score0.02148EPSS
Exploits1References2
Prion
Prion
added 2022/01/12 7:15 p.m.15 views

Server side request forgery (ssrf)

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks e.g., File Exfiltration, Server Side Request Forgery, Out of Band...

6.5CVSS8.6AI score0.02148EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/01/12 6:58 p.m.43 views

CVE-2021-42560

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks e.g., File Exfiltration, Server Side Request Forgery, Out of Band...

8.9AI score0.02148EPSS
Exploits1References2
Rows per page
Query Builder