3 matches found
CVE-2021-3856
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...
PT-2022-10737 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns ClassLoaderTheme and ClasspathThemeResourceProviderFactory, which allow reading any file available as a resource to the classloader. ...
CVE-2021-21316
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...