CVE-2021-41792

More information about this CVE will likely be available in a few days.

Description

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.

Related CPE's

Could not find any relations

References

https://www.themissinglink.com.au/

https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io