2 matches found
GHSA-9MV7-3C64-MMQW xml2rfc is vulnerable to arbitrary file reads through prepped files
Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. Workarounds Test untrusted input with link elements with rel="attachment" before processing. References This is related ...
GHSA-CFMV-H8FX-85M7 xml2rfc has an arbitrary file read vulnerability
Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML. Workarounds Test untrusted input with link elements with rel="attachment" before processing. Credits This vulnerability was reporte...